lifetime-notification-message enable

Function

The lifetime-notification-message enable command enables a device to send IKE SA lifetime notification messages.

The undo lifetime-notification-message enable command disables a device from sending IKE SA lifetime notification messages.

By default, the device does not send IKE SA lifetime notification messages.

Format

lifetime-notification-message enable

undo lifetime-notification-message enable

Parameters

None

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run the sa duration command to configure an IKE SA lifetime in an IKE proposal. If the IKE SA lifetimes of two ends are different, the two ends use the smaller IKE SA lifetime for IKE negotiation.

When a Huawei device (responder) wants to set up an IPSec tunnel with a Cisco systems VPN client (initiator) and the IKE SA lifetimes configured at two ends are different, you can run this command to enable the Huawei device to send IKE SA lifetime notification messages to the Cisco device to ensure successful IKE negotiation between them. If the Huawei device is disabled from sending IKE SA lifetime notification messages to the peer, the IKE negotiation fails.
You can also run this command when two Huawei devices need to set up an IPSec tunnel. However, the configuration takes effect on the responder only. If you cannot determine which end is the initiator, you are advised to configure this command on devices at both ends.

Precautions

This command is supported by IKEv1 only.

Example

# Enable the IKE peer named peer1 to send IKE SA lifetime notification messages.

<sysname> system-view
[sysname] ike peer peer1
[sysname-ike-peer-peer1] undo version 2
[sysname-ike-peer-peer1] lifetime-notification-message enable