ike-interface
The ike-interface configuration element enables creation of multiple IKE-enabled interfaces.
Syntax
- address
- Enter the IPv4 address of a specified IKEv1 interface.
- Default: none
- Values: Any valid IPv4 address
- realm-id
- Enter the name of the realm that contains the IP address assigned to this IKEv1 interface.
- Default: none
- Values: Name of an existing realm configuration element.
- ike-mode
- Select the IKE operational mode.
- Default: responder
- Values: initiator | responder
- local-address-pool
- Select a list local address pool from a list of configured local-address-pools.
- dpd-params-name
- Enter the specific set of DPD operational parameters assigned to this IKEv1 interface (relevant only if the Dead Peer Detection (DPD) Protocol is enabled).
- Default: None
- Values: Name of an existing dpd-params configuration element.
- v2-ike-life-secs
- Enter the default IKEv2 SA lifetime in seconds
- Default: 86400 (24hours)
- Values: Min: 1 / Max: 4294967295 (seconds)
Note:
The global default can be over-ridden at the IKEv2 interface level. - v2-ipsec-life-secs
- Enter the default IPsec SA lifetime in seconds.
- Default: 28800 (8 hours)
- Values: Min:1 / Max: 2 thirty two -1 (seconds)
Note:
This global default can be over-ridden at the IKEv2 interface level. - shared-password
- Enter the interface-specific PSK used during IKE SA authentication. This IKEv1-specific value over-rides the global default value set at the IKE configuration level.
- Default: none
- Values: a string of ACSII printable characters no longer than 255 characters (not displayed by the ACLI).
- eap-protocol
- Enter the EAP protocol used with IKEv2.
- Default: eap-radius-pssthru
- Values: eap-radius-pssthru
Note:
The current software performs EAP operations by a designated RADIUS server or server group; retain the default value. - addr-method
-
- Values: radius-only-Use the radius server for the local address | radius-local -Use the radius server first and then try the local address pool | local -Use the local address pool to assign the local address
- sd-authentication-method
- Enter the allowed
Oracle Communications Session Border Controller authentication methods
- Default: none
- Values: none-Use the authentication method defined in ike-config for this interface | shared-password - Endpoints authenticate the Oracle Communications Session Border Controller using a shared password | certificate-Endpoints authenticate the Oracle Communications Session Border Controller using a certificate
- certificate-profile-id-list
- Select an IKE certificate profile from a list of configured ike-certificate-profiles.
Path
ike-interface is a subelement under the ike element. The full path from the topmost ACLI prompt is:
Note:
This is a multiple instance configuration element.