display ike global config

Function

The display ike global config command displays global IKE configurations.

Format

display ike global config

Parameters

None.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to view global IKE configurations, such as the local name used in IKE negotiation, interval for sending heartbeat packets, timeout interval of heartbeat packets, and interval for sending NAT keepalive packets.

Example

# Display global IKE configurations.

<sysname> display ike global config
IKE Global Config:                                   
--------------------------------------------------------------
  IKE local-name                   : huawei
  IKE heartbeat-timer interval     : 30
  IKE heartbeat-timer timeout      : 100
  IKE nat-keepalive-timer interval : 52
  IKE sm-encryption-key-length     : disable
  IKE certificate-check            : disable
  IKEv1 phase1-phase2 sa dependent : enable
  DPD                              : enable
  DPD type                         : periodic
  DPD retry-limit                  : 3
  DPD retransmit-interval(s)       : 15
  DPD idle-time(s)                 : 30
  DPD msg                          : seq-notify-hash
  DPD packet receive if-related    : disable
  IKE call admission               : 800
  IKEv2 cookie-challenge           : 25000
  IKE DSCP                         : -
  IKEv2 id-match-certificate       : disable
  IKEv2 initial-contact            : enable
  IKEv2 delete old child-sa        : enable
--------------------------------------------------------------
Table 1 Description of the display ike global config command output

Item

Description

IKE Global Config

Global IKE configurations.

IKE local-name

Local peer name used in IKE negotiation. This parameter can be configured using the ike local-name command. If the ike local-name command is not run, the device name configured using the sysname command is used for IKE negotiation.

IKE heartbeat-timer interval

Interval (in seconds) at which a device sends heartbeat packets through an IKE SA. This parameter is configured using the ike heartbeat-timer interval command.

IKE heartbeat-timer timeout

Timeout period (in seconds) of heartbeat packets sent through an IKE SA. This parameter is configured using the ike heartbeat-timer timeout command.

IKE nat-keepalive-timer interval

Interval (in seconds) at which a device sends NAT keepalive packets through an IKE SA. This parameter is configured using the ike nat-keepalive-timer interval command.

IKE sm-encryption-key-length

Whether IKE negotiation packets carry the SM encryption key length when IKE uses a digital envelope for authentication:
  • enable
  • disable
This function is configured using the ike sm-encryption-key-length enable command.

IKE certificate-check

Whether to verify the certificate on an IKE peer:
  • enable
  • disable
This function is configured using the ike certificate-check disable command.

IKEv1 phase1-phase2 sa dependent

Whether the dependency between an IPSec SA and an IKE SA during IKEv1 negotiation is enabled:

  • enable
  • disable

This function is configured using the ikev1 phase1-phase2 sa dependent command.

DPD

Whether to enable the DPD function:
  • enable
  • disable

DPD type

DPD mode of an IKE peer:
  • on-demand: on-demand DPD
  • periodic: periodic DPD
This parameter can be configured using the ike dpd type command.

DPD retry-limit

Number of DPD retransmissions of an IKE peer. This parameter can be configured using the ike dpd command.

DPD retransmit-interval(s)

DPD packet retransmission interval of an IKE peer. This parameter can be configured using the ike dpd command.

DPD idle-time(s)

DPD idle time of an IKE peer. This parameter can be configured using the ike dpd command.

DPD msg

Payload sequence in DPD packets sent by an IKE peer:
  • seq-hash-notify: indicates that the payload of DPD packets is in the sequence of hash-notify.
  • seq-notify-hash: indicates that the payload of DPD packets is in the sequence of notify-hash.
This parameter can be configured using the ike dpd msg command.

DPD packet receive if-related

Whether to enable the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA:
  • enable
  • disable

This function is configured using the ike dpd packet receive if-related enable command.

IKE call admission

Maximum number of IKE SAs to be negotiated. This parameter is configured using the ike call admission limit in-negotiation-sa command.

IKEv2 cookie-challenge

Maximum number of half-open connections allowed by IKEv2. This parameter is configured using the ikev2 cookie-challenge command.

IKE DSCP

Global DSCP value of IKE packets. This parameter can be configured using the ike dscp command.

IKEv2 id-match-certificate

Whether to enable the device to check certificate identity of the peer device when IKEv2 uses certificate negotiation:
  • enable
  • disable

This function is configured using the ikev2 id-match-certificate enable command.

IKEv2 initial-contact

Whether the first IKE_AUTH request message carries the INITIAL_CONTACT notification payload:
  • enable
  • disable

This function is configured using the ikev2 initial-contact enable command.

IKEv2 delete old child-sa

Whether to enable the function of instructing the peer device to delete the old child SA:
  • enable
  • disable

This function is configured using the ikev2 delete old child-sa enable command.
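
The following is an added example, not part of the vendor documentation: a Python parser for the command output shown above that reports the peer-validation and liveness items set to disable. The function names and the EXPECTED baseline are assumptions chosen for illustration, not a vendor recommendation; the sample text is an abridged copy of the example output on this page.

```python
import re

# Constructed sample: the example output shown on this page, abridged.
SAMPLE = """\
IKE Global Config:
--------------------------------------------------------------
  IKE local-name                   : huawei
  IKE certificate-check            : disable
  DPD                              : enable
  DPD packet receive if-related    : disable
  IKEv2 cookie-challenge           : 25000
  IKE DSCP                         : -
  IKEv2 id-match-certificate       : disable
--------------------------------------------------------------
"""

# Assumed review baseline (not a vendor recommendation): items whose
# "disable" value switches off a peer-validation or liveness check.
EXPECTED = {
    "IKE certificate-check": "enable",
    "IKEv2 id-match-certificate": "enable",
    "DPD": "enable",
    "DPD packet receive if-related": "enable",
}

# An output row is "<item> <padding>: <value>"; the title line and the
# dashed rules have no whitespace-then-colon and are skipped.
ROW = re.compile(r"^\s*(?P<key>\S.*?)\s+:\s*(?P<value>.*?)\s*$")

def parse_ike_global(text):
    """Return {item: value} for every 'item : value' row in the output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows[m.group("key")] = m.group("value")
    return rows

def audit(rows, expected=EXPECTED):
    """Return sorted (item, actual, wanted) for items off the baseline;
    an item missing from the output is reported with actual=None."""
    return sorted((item, rows.get(item), wanted)
                  for item, wanted in expected.items()
                  if rows.get(item) != wanted)

if __name__ == "__main__":
    for item, actual, wanted in audit(parse_ike_global(SAMPLE)):
        print(f"{item}: {actual!r} (baseline: {wanted!r})")
```
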

Copyright © Huawei Technologies Co., Ltd.