Configuring Global SPI and VPN Monitoring Features
Before you begin, understand global SPI and VPN monitoring features. See Understanding Global SPI and VPN Monitoring Features.
In this example, you configure the device to detect and respond five times to a bad IPsec SPI before deleting the SA and initiating a new one. You also configure the device to monitor the VPN by sending ICMP requests to the peer every 15 seconds, and to declare the peer unreachable after 15 unsuccessful pings.
To configure global VPN settings in the CLI editor:
- Specify global VPN settings.
user@host# set security ike respond-bad-spi 5user@host# set security ipsec vpn-monitor-options interval 15 threshold 15