Configuring global parameters for IKEv2

Global Internet Key Exchange version 2 (IKEv2) parameters are configured independently of peer configurations.

When you need to change the default values, use the following commands in global configuration mode to configure global parameters for IKEv2.

For further information and the default values for specific commands, refer to the RUCKUS FastIron Command Reference.

  • Use the ikev2 exchange-max-time command to configure the maximum setup time, in seconds, for an IKEv2 message exchange. The following example shows how to set the maximum setup time for IKEv2 message exchange to 50 seconds.
    
    device(config)# ikev2 exchange-max-time 50
    
    
  • Use the ikev2 limit max-in-negotiation-sa command to configure the maximum number of in-negotiation IKEv2 SA sessions. The following example shows how to set the maximum number of in-negotiation IKEv2 SA sessions to 10.
    
    device(config)# ikev2 limit max-in-negotiation-sa 10
    
    
  • Use the ikev2 limit max-sa command to configure the maximum number of IKEv2 SA sessions. The following example shows how to set the maximum number of IKEv2 SA sessions to 200.
    
    device(config)# ikev2 limit max-sa 200
    
    
  • Use the ikev2 retransmit-interval command to configure the delay time, in seconds, for resending IKEv2 messages. The following example shows how to set a delay time of 20 seconds.
    
    device(config)# ikev2 retransmit-interval 20
    
    
  • Use the ikev2 retry-count command to configure the number of attempts to retransmit an IKEv2 message. The following example shows how to set the number of retransmit attempts to 15.
    
    device(config)# ikev2 retry-count 15
    
    
  • Use the show ikev2 command to display the configuration of the global IKEv2 parameters.
    
    device# show ikev2
    
    IKEv2 Global data:
    Retry Count          : 15            Max Exchange Time       : 50
    Retransmit Interval  : 5             Max SA                  : 200
    Max SA In Nego       : 10            Total IPSEC Intf        : 0
    Total Peers          : 0             Total IPSEC SA          : 0
    Total IKE SA         : 0     
    

The following example shows how to configure various global IKEv2 parameters.

device# configure terminal
device(config)# ikev2 exchange-max-time 50
device(config)# ikev2 limit max-in-negotiation-sa 10
device(config)# ikev2 limit max-sa 200
device(config)# ikev2 retransmit-interval 20
device(config)# ikev2 retry-count 15