IPsec VPN Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
833
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO CONFIGURE IPSEC SA LIFETIME
IKE is used for SA negotiation. It requires a proposal to be configured so that a
secure channel can be established to authenticate the negotiating parties. When
both lifetime in kilobytes and lifetime in seconds is set, re-negotiation of new SA is
triggered depending on which lifetime expires first. When re-keying happens, both
lifetimes get reset.
Note: IPsec SA lifetime has a default value of 28800 seconds.
There is no default value for IPsec SA lifetime in Kilobytes.
E
XAMPLE
ALU(config-crypto-ike-policy-P1)# ipsec security-association
lifetime kilobytes 5400
ALU(config-crypto-ike-policy-P1)# ipsec security-association
lifetime seconds 5400
ALU(config-crypto-ike-policy-P1)# no ipsec security-association
lifetime kilobytes
ALU(config-crypto-ike-policy-P1)# no ipsec security-association
lifetime seconds
Command (in IKE Policy CM) Description
ipsec security-association
lifetime {kilobytes <512-
2147483647>|seconds <540-86400>}
This command is used to configure
the IPsec SA lifetime in kilobytes/
seconds.
no ipsec security-association
lifetime {kilobytes|seconds}
The ‘no’ command resets the IPsec
SA lifetime in seconds value to its
default.
The ‘no’ command removes the
IPsec SA lifetime in kilobytes value.
To Next Page
Loading...
Need help?
General
