IPsec VPN Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
833
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO CONFIGURE IPSEC SA LIFETIME
IKE is used for SA negotiation. It requires a proposal to be configured so that a
secure channel can be established to authenticate the negotiating parties. When
both lifetime in kilobytes and lifetime in seconds is set, re-negotiation of new SA is
triggered depending on which lifetime expires first. When re-keying happens, both
lifetimes get reset.
Note: IPsec SA lifetime has a default value of 28800 seconds.
There is no default value for IPsec SA lifetime in Kilobytes.
E
XAMPLE
ALU(config-crypto-ike-policy-P1)# ipsec security-association
lifetime kilobytes 5400
ALU(config-crypto-ike-policy-P1)# ipsec security-association
lifetime seconds 5400
ALU(config-crypto-ike-policy-P1)# no ipsec security-association
lifetime kilobytes
ALU(config-crypto-ike-policy-P1)# no ipsec security-association
lifetime seconds
Command (in IKE Policy CM) Description
ipsec security-association
lifetime {kilobytes <512-
2147483647>|seconds <540-86400>}
This command is used to configure
the IPsec SA lifetime in kilobytes/
seconds.
no ipsec security-association
lifetime {kilobytes|seconds}
The ‘no’ command resets the IPsec
SA lifetime in seconds value to its
default.
The ‘no’ command removes the
IPsec SA lifetime in kilobytes value.
To Next Page
Loading...
