Configures an SecGW to initiate an IKEv2 session setup request when
the peer does not initiate a setup request within a specified time interval.
This command is only available for a WSG service configured for site-to-site
(S2S) deployment mode (VPC only).
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > WSG-Service Configuration
configure > context context_name > wsg-service service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-wsg-service)#
Syntax
peer-list peer_list_name
no peer-list
no
Disables the current peer list and the SecGW-as-IKE-initiator functionality.
peer_list_name
Specifies the name of an existing peer list as an alphanumeric string
of 1 through 79 characters. The crypto peer list must have been previously
created using the Global Configuration mode crypto peer-list command.
Usage Guidelines
Enables the use of a peer list so that the SecGW can act as an
initiator of an IKEv2 call session. The WSG service deployment mode must be
configured as site-to-site for the peer-list command to execute.
The following limitations apply when the SecGW as initiator feature is
enabled:
- The SecGW supports up to 1,000 peers only. This restriction is
applied when configuring a crypto peer list.
- The SecGW does not support modification of an IPv4/IPv6 peer list
on the fly (while call sessions are in progress). Modification is allowed only
after all the calls are removed.
When a peer list has been configured in the WSG service, the initiator
and responder mode timer intervals each default to 10 seconds. The SecGW will
wait for 10 seconds in the responder mode for a peer session initiation request
before switching to the initiator mode and waiting 10 seconds for a peer
response.
You can change the default settings for the initiator and/or responder
mode intervals using the WSG Service mode initiator-mode-duration and
responder-mode-duration commands.
See the IPSec Reference for additional information on configuring
an SecGW as an IKE initiator.
Examples
The following command enables the use of a peer list named peer1.
peer-list peer1
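
A pre-deployment check for the constraints in the Usage Guidelines above, as an added example that is not Cisco code: it scans configuration text and reports each WSG service whose peer-list binding has an invalid name, references a list not created earlier, or is not in site-to-site mode. The sample configuration is constructed, and the argument layout of the crypto peer-list, address and deployment-mode lines is an assumption, since this page shows only the peer-list command itself.

```python
import re

# Page: peer_list_name is an alphanumeric string of 1 through 79 characters.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,79}")

# Constructed sample. Argument layout of "crypto peer-list", "address" and
# "deployment-mode" is assumed; the page only shows "peer-list <name>".
SAMPLE = """\
configure
  crypto peer-list ipv4 peer1
    address 192.0.2.10
  context wsg
    wsg-service s2sok
      deployment-mode site-to-site
      peer-list peer1
    wsg-service rabad
      deployment-mode remote-access
      peer-list peer2
"""

def audit(config):
    """Return {wsg_service: [findings]} for each service that binds a peer list."""
    defined, services, cur = set(), {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["crypto", "peer-list"] and len(tok) > 2:
            defined.add(tok[-1])            # assumed: list name is the last token
            cur = None
        elif tok[0] == "context":
            cur = None                      # leaving any previous service scope
        elif tok[0] == "wsg-service" and len(tok) > 1:
            cur = services.setdefault(tok[1], {"mode": None, "bind": None})
        elif cur is not None and tok[0] == "deployment-mode" and len(tok) > 1:
            cur["mode"] = tok[1]
        elif cur is not None and tok[0] == "peer-list" and len(tok) > 1:
            # Record whether the list already existed when it was bound.
            cur["bind"] = (tok[1], tok[1] in defined)
    report = {}
    for svc, st in services.items():
        if st["bind"] is None:
            continue
        name, existed = st["bind"]
        found = []
        if not NAME_RE.fullmatch(name):
            found.append("peer list name is not 1-79 alphanumeric characters")
        if not existed:
            found.append("peer list not created by an earlier crypto peer-list")
        if st["mode"] != "site-to-site":
            found.append("deployment mode is not site-to-site")
        report[svc] = found
    return report
```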