EasyManuals Logo

Cisco IOS XR User Manual

Cisco IOS XR
254 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #133 background imageLoading...
Page #133 background image
Implementing IPSec Network Security on Cisco IOS XR Software
How to Implement General IPSec Configurations for IPSec Networks
SC-121
Cisco IOS XR System Security Configuration Guide
Note This IPSec feature is supported only on the Cisco IPSec VPN SPA.
Lifetimes for IPSec Security Associations
Cisco IOS XR software currently allows the configuration of lifetimes for IPSec SAs. Lifetimes can be
configured globally or for each crypto profile. Two lifetimes exist: a “timed” lifetime and a
“traffic-volume” lifetime. A security association expires after the first of these lifetimes is reached.
IPSec Security Association Idle Timers
The IPSec SA idle timers are different from the global lifetimes for IPSec SAs. The expiration of the
global lifetime is independent of peer activity. The IPSec SA idle timer allows SAs associated with
inactive peers to be deleted before the global lifetime has expired.
If the IPSec SA idle timers are not configured, only the global lifetimes for IPSec SAs are applied. SAs
are maintained until the global timers expire, regardless of peer activity.
Note If the last IPSec SA to a given peer is deleted because of idle timer expiration, the Internet Key Exchange
(IKE) SA to that peer is also deleted.
Configuring the IPSec SA Idle Timer Globally
This task configures IPSec security association (SA) idle timers globally.
SUMMARY STEPS
1. configure
2. crypto ipsec security-association idle-time seconds
3. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/0/CPU0:router# configure
Enters global configuration mode.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General IconGeneral
Operating SystemCisco IOS XR
ArchitectureMicrokernel
High AvailabilityYes
TypeNetwork operating system
Developed byCisco Systems
LicenseProprietary
Programming LanguageC, C++
KernelQNX
Supported PlatformsCisco ASR9000, NCS series
Security FeaturesRole-Based Access Control (RBAC), Secure Boot, Encryption
Management InterfaceCLI, SNMP, NETCONF, RESTCONF
Release Date2004
Target DevicesHigh-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported HardwareCisco routers and switches
Networking ProtocolsBGP, OSPF, IS-IS, MPLS
Virtualization SupportVirtualization-ready, supports network function virtualization (NFV) and containerization technologies.

Related product manuals