ike-interface
The ike-interface configuration element enables creation of multiple IKE-enabled interfaces.
Syntax
- state
- Enable or disable this IKE interface.
- ike-version
- Set the IKEv1 version for this IKE interface.
- Default: 0—Use the IKE version set in the ike-config,
- Values: 1
- Values: 2
- address
- Enter the IPv4 address of a specified IKEv1 interface.
- Default: none
- Values: Any valid IPv4 address
- realm-id
- Enter the name of the realm that contains the IP address
assigned to this IKEv1 interface.
- Default: none
- Values: Name of an existing realm configuration element.
- ike-mode
- Select the IKE operational mode.
- Default: responder
- Values: initiator | responder
- local-address-pool-id-list
- Select a list local address pool from a list of configured local-address-pools.
- dpd-params-name
- Enter the specific set of DPD operational parameters assigned to
this IKEv1 interface (relevant only if the Dead Peer Detection (DPD)
Protocol is enabled).
- Default: None
- Values: Name of an existing dpd-params configuration element.
- v2-ike-life-secs
- Enter the default IKEv2 SA lifetime in seconds
- Default: 86400 (24hours)
- Values: Min: 1 / Max: 999999999 (seconds)
Note:
The global default can be over-ridden at the IKEv2 interface level. - v2-ipsec-life-secs
- Enter the default IPsec SA lifetime in seconds.
- Default: 28800 (8 hours)
- Values: Min:1 / Max: 999999999 (seconds)
Note:
This global default can be over-ridden at the IKEv2 interface level. - v2-rekey
- Enable to initiate new negotiations to restore expired IKEv2 or IPsec SAs. The SBC makes a maximum of three retransmission attempts before abandoning the re-keying effort.
- esnSupport
- Enable to support Extended Sequence Number (ESN) per RFC 4304.
- shared-password
- Enter the interface-specific PSK used during IKE SA
authentication. This IKEv1-specific value over-rides the global default
value set at the IKE configuration level.
- Default: none
- Values: a string of ACSII printable characters no longer than 255 characters (not displayed by the ACLI).
- eap-protocol
- Enter the EAP protocol used with IKEv2.
- Default: eap-radius-pssthru
- Values:
- eap-md5
- eap-tls
- eap-leap
- eap-sim
- eap-srp
- eap-ttls
- eap-aka
- eap-peap
- eap-mschapv2
- eap-fast
- eap-psk
- eap-radius-passthru
Note:
The current software performs EAP operations by a designated RADIUS server or server group; retain the default value. - addr-assignment
- (Optional) Specify the method used to assign addresses in response to an IKEv2 Configuration Payload request.
- sd-authentication-method
- Enter the allowed Oracle Communications Session Border Controller authentication methods
- Default: none
- Values: none-Use the authentication method defined in ike-config for this interface | shared-password - Endpoints authenticate the Oracle Communications Session Border Controller using a shared password | certificate-Endpoints authenticate the Oracle Communications Session Border Controller using a certificate
- certificate-profile-id-list
- Select an IKE certificate profile from a list of configured ike-certificate-profiles.
- cert-status-check
- (Optional) Enable certificate status checking using either Online Certificate Status Profile (OCSP) or a local copy of a Certificate Revocation List.
- cert-status-profile-list
- (Optional) Assign one or more cert-status-profile configuration elements to this IKEv2 interface.
- access-control-name
- Specifies the ike-access-control list to use on this IKE interface. The list assignment applies the IKEv2 DDOS, allowlist and blocklist protection configured within the ike-access-control object to the interface.
- tunnel-orig-name-list
- Specifies the name the tunnel-origin-params element to be applied to this IKE interface.
Path
ike-interface is a subelement under the ike element. The full path from the topmost ACLI prompt is: configure terminal, security, ike, ike-interface.
Note:
This is a multiple instance configuration element.