This command is used to configure mapping of the configuration payload attributes for a crypto vendor template.

remove

Removes mapping of the configuration payload attributes.

private-attribute-type

Defines the private payload attribute.

imei integer

Defines an International Mobile Equipemnt Identity number. Default value is 16391.

integer must be an integer from 16384 to 32767.

p-cscf-v4 v4_value

Defines the IPv4 pcscf payload attribute value. Default value is 16384.

v4_value is an integer from 16384 to 32767.

p-cscf-v6 v6_value

Defines IPv6 pcscf payload attribute value. Default value is 16390.

v6_value is an integer from 16384 to 32767.

Executes all show commands while in Configuration mode.

Exits the current configuration mode and returns to the Exec mode.

Exits the current mode and returns to the parent configuration mode.

Configures parameters for the IKEv2 IKE Security Associations within this vendor template.

remove

Disables a previously enabled ikev2-ikesa configuration.

fragmentation

Enables IKESA fragmentation (Tx) and re-assembly (Rx).

Default: IKESA fragmentation and re-assembly is allowed.

ignore-rekeying-requests

Ignores received IKE_SA Rekeying Requests.

mobike [ cookie-challenge ]

IKEv2 Mobility and Multihoming Protocol (MOBIKE) allows the IP addresses associated with IKEv2 and tunnel mode IPSec Security Associations to change. A mobile Virtual Private Network (VPN) client could use MOBIKE to keep the connection with the VPN gateway active while moving from one address to another. Similarly, a multi-homed host could use MOBIKE to move the traffic to a different interface if, for instance, the one currently being used stops working. Default: Disabled

cookie-challenge : Use this keyword to enable the return routability check. The Gateway performs a return routability check when MOBIKE is enabled along with this keyword. A return routability check ensures that the other party can receive packets at the claimed address. Default: Disabled

rekey [ disallow-param-change ]

Specifies if IKESA rekeying should occur before the configured lifetime expires (at approximately 90% of the lifetime interval). Default is not to re-key.

The disallow-param-change option prevents changes in negotiation parameters during rekey.

transform-set list

Specifies the name of a context-level configured IKEv2 IKE Security Association transform set.

name1 through name6 must be an existing IKEv2 IKESA Transform Set expressed as an alphanumeric string of 1 through 127 characters.

The transform set is a space-separated list of IKEv2-IKESA SA transform sets to be used for deriving IKEv2 IKE Security Associations from this crypto template. A minimum of one transform-set is required; maximum configurable is six.

Configures keepalive or dead peer detection for security associations used within this vendor template.

no

Disables keepalive messaging.

remove

Removes previously configured keepalive messaging.

interval sec

Specifies the duration (in seconds) after which the next keepalive request is sent.

sec must be an integer from 10 through 3600.

Default: 3600 seconds

timeout timeout_seconds

Specifies the duration (in seconds) after which keepalive times out.

timeout_seconds must be an integer from 10 through 3600. Default: 10

num-retry retry_seconds

Specifies the total number of times to resend the keepalive request after timing out.

retry_seconds must be an integer from 1 through 100. Default: 2

Creates a new, or specifies an existing, crypto template vendor payload, and enters the Crypto Template IKEv2 Vendor Payload Configuration Mode.

no

Removes a previously configured crypto template IKEv2 vendor payload.

vendor_payload

vendor_payload must be an alphanumeric string of 1 through 127 characters.