1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. ike-accounting-param

ike-accounting-param

The ike-sainfo configuration element enables negotiation and establishment of IPsec tunnels. To configure this element, install your platform-specific IPsec license.

Parameters

name
Specifies the unique name of this instance of the ike-accounting-param configuration element. You use this name to assign the IPsec accounting parameter list to an IKEv2 interface
  • Default: None
  • Values: A valid configuration element name, that is unique within the 
 ike-sainfo namespace
radius-accounting-events
Specifies IPsec events that trigger an IPsec accounting transaction. Supported values include:
  • Default:
  • Values:
  • none—disables RADIUS-based IPsec Accounting.
  • early-start—triggers an Accounting Request Start packet on initiation of IKEv2 SA negotiation.
  • start—triggers an Accounting Request Start packet on tunnel establishment.
  • stop—triggers an Accounting Request Stop packet on tunnel tear-down.
  • interim-ipsec-rekey—triggers an Accounting Request Interim-Update packet on IPsec tunnel re-keying.
  • interim-ike-rekey—triggers an Accounting Request Interim-Update packet on IKEv2 Security Association rekeying.

The early-start and start events are mutually exclusive; you can select only one start event.

If early-start is selected, the Security Gateway schedules two accounting transactions. The first transaction is an Accounting Request Start packet triggered by the start of IKEv2 SA negotiation. The second transaction depends on the success or failure of tunnel establishment. Successful tunnel establishment triggers an Interim-Update packet that provides the tunnel details usually found in the standard Accounting Request Start packet. Tunnel failure triggers an Accounting Request Stop packet.

Use double quotes to bracket parameter arguments if multiple events trigger accounting transaction; leave a space between event names.

This command triggers an accounting transaction for four reportable events.

diameter-accounting-events
Specifies specific IPsec events that trigger an IPsec accounting exchange. Supported values include:
  • none—disables DIAMETER-based IPsec Accounting
  • start—triggers an Accounting Request Start packet on tunnel establishment
  • stop—triggers an Accounting Request Stop packet on tunnel tear-down
  • interim-ipsec-rekey—not supported in this current release. Support scheduled for inclusion in a subsequent release.
  • interim-ike-rekey—not supported in this current release. Support scheduled for inclusion in a subsequent release

Use double quotes to bracket parameter arguments if multiple events trigger accounting transaction; leave a space between event names.

This command triggers an accounting transaction for four reportable events.

intermediate-period
For RADIUS-based IPsec accounting only, use the intermediate-period parameter to specify the interval at which the Security Gateway generates Accounting Request Interim-Update packets.

Supported values are integers within the range 0 (the default) through 65535. The default value (0) disables the generation of interim packets. Any non-default value, within the allowable range, specifies the frequency, in seconds, of interim updates.

Any value less than 60 generates a warning that such frequent transactions can impact system performance.

Path

ike-accounting-param is a subelement under the ike element. The full path from the topmost ACLI prompt is: security > ike > ike-accounting-param.

Note:

This is a multiple instance configuration element.