show ikev2
-
- Last UpdatedSep 23, 2020
- 2 minutes read
Displays global Internet Key Exchange version 2 (IKEv2) configuration information.
User EXEC mode
This command may be entered in all configuration modes.
The show ikev2 command displays the following information:
Output field | Description |
---|---|
Retry Count | The maximum number of attempts that are permitted to retransmit a message. The range is from 1 through 25. The default value is 5. |
Max Exchange Time | The maximum setup time (in seconds) for an exchange. The range is from 0 through 300. The default value is 30 seconds. |
Retransmit Interval | The length of time (in seconds) that an IKEv2 task waits before attempting to resend a packet. The range is from 1 through 60. The default value is 5 seconds. The interval between each resend attempt is increased by the value of the retransmit interval; that is, the retransmit interval increases exponentially. |
Max SA | The maximum number of IKEv2 SAs that may be on a node. The range is from 1 through 256. The default value is 256. |
Max SA In Nego | The maximum number of IKEv2 security associations (SAs) that may be "in negotiation" on a node. The range is from 1 through 256. The default value is 256. |
Total IPSEC Intf | The total number of IPsec tunnel interfaces. |
Total Peers | The total number of peers. |
Total IPSEC SA | The total number of IPsec SAs (for the total number of IKEv2 SAs). |
Total IKE SA | The total number of IKEv2 SAs including SAs in active, constructing, and dying states. |
Cookie Challenge Number | The threshold for issuing an IKEv2 cookie challenge. A challenge is issued when the number of half-open IKEv2 security associations (SAs) crosses the threshold value. The range is from 1 through 512. Cookie challenge is disabled by default. |
Http Cert Enable | When HTTP Cert is enabled then HTTP_CERT_LOOKUP_SUPPORTED is sent with the CERT_REQ payload. HTTP Cert is disabled by default. |
The following example displays global IKEv2 configuration information.
device# show ikev2
IKEv2 Global data:
Retry Count : 5 Max Exchange Time : 30
Retransmit Interval : 5 Max SA : 256
Max SA In Nego : 32 Total IPSEC Intf : 0
Total Peers : 0 Total IPSEC SA : 0
Total IKE SA : 0 Cookie Challenge Number : 0
NAT-T Support enabled: True NAT Keepalive : 5
Http Cert Enable : False (True/False)
Release version | Command history |
---|---|
08.0.50 | This command was introduced. |