The ike heartbeat-timer interval command sets the interval for sending heartbeat packets through an IKE SA.
The undo ike heartbeat-timer interval command cancels the configuration.
By default, an IKE SA does not send heartbeat packets.
Parameter |
Description |
Value |
|---|---|---|
interval |
Specifies the interval for sending heartbeat packets through an IKE SA. |
The value is an integer that ranges from 20 to 28800, in seconds. |
Usage Scenario
After heartbeat detection is enabled, the local end periodically sends detection packets to the remote end. If the remote end does not receive packets after the heartbeat timer expires, the remote end considers the local end faulty. IKE can send heartbeat packets to detect IKE peer faults and maintain the IKE SA link status. This command sets the interval for sending heartbeat packets through an IKE SA.
The interval at which heartbeat packets are sent (configured using the ike heartbeat-timer timeout command) at the local end must be used with the timeout interval of heartbeat packets (configured using the ike heartbeat-timer timeout command) at the remote end. If the remote end does not receive any heartbeat packet within the timeout interval, it deletes the IKE SA with a timeout tag along with its corresponding IPSec SA. If the IKE SA does not have a timeout tag, it is marked as timeout.
Precautions
When the ike heartbeat-timer interval command is configured at one end, the ike heartbeat-timer timeout command must be used at the other end.
The timeout interval of heartbeat packets must be longer than the interval at which heartbeat packets are sent. On a network, packet loss seldom occurs more than three consecutive times. Therefore, it is recommended that the timeout interval of heartbeat packets be three times the interval at which heartbeat packets are sent.