Displays global Internet Key Exchange version 2 (IKEv2) configuration information.

show ikev2

User EXEC mode

This command may be entered in all configuration modes.

The show ikev2 command displays the following information:

Output field Description
Retry Count The maximum number of attempts that are permitted to retransmit a message. The range is from 1 through 25. The default value is 5.
Max Exchange Time The maximum setup time (in seconds) for an exchange. The range is from 0 through 300. The default value is 30 seconds.
Retransmit Interval The length of time (in seconds) that an IKEv2 task waits before attempting to resend a packet. The range is from 1 through 60. The default value is 5 seconds. The interval between each resend attempt is increased by the value of the retransmit interval; that is, the retransmit interval increases exponentially.
Max SA The maximum number of IKEv2 SAs that may be on a node. The range is from 1 through 256. The default value is 256.
Max SA In Nego The maximum number of IKEv2 security associations (SAs) that may be "in negotiation" on a node. The range is from 1 through 256. The default value is 256.
Total IPSEC Intf The total number of IPsec tunnel interfaces.
Total Peers The total number of peers.
Total IPSEC SA The total number of IPsec SAs (for the total number of IKEv2 SAs).
Total IKE SA The total number of IKEv2 SAs including SAs in active, constructing, and dying states.
Cookie Challenge Number The threshold for issuing an IKEv2 cookie challenge. A challenge is issued when the number of half-open IKEv2 security associations (SAs) crosses the threshold value. The range is from 1 through 512. Cookie challenge is disabled by default.
Http Cert Enable When HTTP Cert is enabled then HTTP_CERT_LOOKUP_SUPPORTED is sent with the CERT_REQ payload. HTTP Cert is disabled by default.

The following example displays global IKEv2 configuration information.


device# show ikev2
IKEv2 Global data:
Retry Count          : 5             Max Exchange Time       : 30     
Retransmit Interval  : 5             Max SA                  : 256    
Max SA In Nego       : 32            Total IPSEC Intf        : 0      
Total Peers          : 0             Total IPSEC SA          : 0      
Total IKE SA         : 0             Cookie Challenge Number : 0      
NAT-T Support enabled: True          NAT Keepalive           : 5
Http Cert Enable        : False (True/False)
Release version Command history
08.0.50 This command was introduced.