Configures an SecGW to initiate an IKEv2 session setup request when
the peer does not initiate a setup request within a specified time interval.
This command is only available for a WSG service configured for site-to-site
(S2S) deployment mode (VPC only).
Security Administrator, Administrator
Exec > Global Configuration > Context Configuration >
configure > context
Entering the above command sequence results in the following prompt:
Disables the current peer list and SecGW as an IKE initiator
Specifies the name of an existing peer list as an alphanumeric string
of 1 through 79 characters. The crypto peer list must have been previously
created using the Global Configuration mode
crypto peer-list command.
Enables the use of a peer list so that the SecGW can act as an
initiator of an IKEv2 call session. The WSG service deployment mode must be
configured as site-to-site for the
peer-list command to execute.
The following limitations apply when the SecGW as initiator feature is
- The SecGW will only support up to 1,000 peers. This restriction is
applied when configuring a crypto peer list.
- SecGW will not support the modification of an IPv4/IPv6 peer list
on the fly (call sessions in progress). The modification will be allowed only
after all the calls are removed.
When a peer list has been configured in the WSG service, the initiator
and responder mode timer intervals each default to 10 seconds. The SecGW will
wait for 10 seconds in the responder mode for a peer session initiation request
before switching to the initiator mode and waiting 10 seconds for a peer
You can change the default settings for the initiator and/or responder
mode intervals using the WSG Service mode
IPSec Reference for additional information on configuring
an SecGW as an IKE initiator.
The following command enables the user of a peer list named