Syntax

state

Enable or disable this IKE interface.

ike-version

Set the IKEv1 version for this IKE interface.

• Default: 0—Use the IKE version set in the ike-config,
• Values: 1
• Values: 2

address

Enter the IPv4 address of a specified IKEv1 interface.

• Default: none
• Values: Any valid IPv4 address

realm-id

Enter the name of the realm that contains the IP address assigned to this IKEv1 interface.

• Default: none
• Values: Name of an existing realm configuration element.

ike-mode

Select the IKE operational mode.

• Default: responder
• Values: initiator | responder

local-address-pool-id-list

Select a list local address pool from a list of configured local-address-pools.

dpd-params-name

Enter the specific set of DPD operational parameters assigned to this IKEv1 interface (relevant only if the Dead Peer Detection (DPD) Protocol is enabled).

• Default: None
• Values: Name of an existing dpd-params configuration element.

v2-ike-life-secs

Enter the default IKEv2 SA lifetime in seconds

• Default: 86400 (24hours)
• Values: Min: 1 / Max: 999999999 (seconds)

Note:

The global default can be over-ridden at the IKEv2 interface level.

v2-ipsec-life-secs

Enter the default IPsec SA lifetime in seconds.

• Default: 28800 (8 hours)
• Values: Min:1 / Max: 999999999 (seconds)

Note:

This global default can be over-ridden at the IKEv2 interface level.

v2-rekey

Enable to initiate new negotiations to restore expired IKEv2 or IPsec SAs. The SBC makes a maximum of three retransmission attempts before abandoning the re-keying effort.

esnSupport

Enable to support Extended Sequence Number (ESN) per RFC 4304.

shared-password

Enter the interface-specific PSK used during IKE SA authentication. This IKEv1-specific value over-rides the global default value set at the IKE configuration level.

• Default: none
• Values: a string of ACSII printable characters no longer than 255 characters (not displayed by the ACLI).

eap-protocol

Enter the EAP protocol used with IKEv2.

• Default: eap-radius-pssthru
• Values: eap-radius-pssthru

Note:

The current software performs EAP operations by a designated RADIUS server or server group; retain the default value.

addr-assignment

(Optional) Specify the method used to assign addresses in response to an IKEv2 Configuration Payload request.

• Default: no-assign—No assignment of local address
• radius-only—Use the radius server for the local address
• radius-local—Use the radius server first and then try the local address pool
• local—Use the local address pool to assign the local address

sd-authentication-method

Enter the allowed Oracle Communications Session Border Controller authentication methods

• Default: none
• Values: none-Use the authentication method defined in ike-config for this interface | shared-password - Endpoints authenticate the Oracle Communications Session Border Controller using a shared password | certificate-Endpoints authenticate the Oracle Communications Session Border Controller using a certificate

certificate-profile-id-list

Select an IKE certificate profile from a list of configured ike-certificate-profiles.

cert-status-check

(Optional) Enable certificate status checking using either Online Certificate Status Profile (OCSP) or a local copy of a Certificate Revocation List.

cert-status-profile-list

(Optional) Assign one or more cert-status-profile configuration elements to this IKEv2 interface.

access-control-name

Specifies the ike-access-control list to use on this IKE interface. The list assignment applies the IKEv2 DDOS, allowlist and blocklist protection configured within the ike-access-control object to the interface.

tunnel-orig-name-list

Specifies the name the tunnel-origin-params element to be applied to this IKE interface.

Path

ike-interface is a subelement under the ike element. The full path from the topmost ACLI prompt is: configure terminal, security, ike, ike-interface.