ike-accounting-param
The ike-sainfo configuration element enables negotiation and establishment of IPsec tunnels. To configure this element, install your platform-specific IPsec license.
Parameters
- name
- Specifies the unique name of this instance of the ike-accounting-param
configuration element. You use this name to assign the IPsec accounting
parameter list to an IKEv2 interface
- Default: None
- Values: A valid configuration element name, that is unique within the ike-sainfo namespace
- radius-accounting-events
- Specifies IPsec events that trigger an IPsec accounting transaction. Supported
values include:
- Default:
- Values:
- none—disables RADIUS-based IPsec Accounting.
- early-start—triggers an Accounting Request Start packet on initiation of IKEv2 SA negotiation.
- start—triggers an Accounting Request Start packet on tunnel establishment.
- stop—triggers an Accounting Request Stop packet on tunnel tear-down.
- interim-ipsec-rekey—triggers an Accounting Request Interim-Update packet on IPsec tunnel re-keying.
- interim-ike-rekey—triggers an Accounting Request Interim-Update packet on IKEv2 Security Association rekeying.
The early-start and start events are mutually exclusive; you can select only one start event.
If early-start is selected, the Security Gateway schedules two accounting transactions. The first transaction is an Accounting Request Start packet triggered by the start of IKEv2 SA negotiation. The second transaction depends on the success or failure of tunnel establishment. Successful tunnel establishment triggers an Interim-Update packet that provides the tunnel details usually found in the standard Accounting Request Start packet. Tunnel failure triggers an Accounting Request Stop packet.
Use double quotes to bracket parameter arguments if multiple events trigger accounting transaction; leave a space between event names.
This command triggers an accounting transaction for four reportable events.
- diameter-accounting-events
- Specifies specific IPsec events that trigger an IPsec accounting
exchange. Supported values include:
- none—disables DIAMETER-based IPsec Accounting
- start—triggers an Accounting Request Start packet on tunnel establishment
- stop—triggers an Accounting Request Stop packet on tunnel tear-down
- interim-ipsec-rekey—not supported in this current release. Support scheduled for inclusion in a subsequent release.
- interim-ike-rekey—not supported in this current release. Support scheduled for inclusion in a subsequent release
Use double quotes to bracket parameter arguments if multiple events trigger accounting transaction; leave a space between event names.
This command triggers an accounting transaction for four reportable events.
- intermediate-period
- For RADIUS-based IPsec accounting only, use the intermediate-period parameter
to specify the interval at which the Security Gateway generates Accounting
Request Interim-Update packets.
Supported values are integers within the range 0 (the default) through 65535. The default value (0) disables the generation of interim packets. Any non-default value, within the allowable range, specifies the frequency, in seconds, of interim updates.
Any value less than 60 generates a warning that such frequent transactions can impact system performance.
Path
ike-accounting-param is a subelement under the ike element. The full path from the topmost ACLI prompt is: security > ike > ike-accounting-param.
Note:
This is a multiple instance configuration element.