Send documentation comments to mdsfeedback-doc@cisco.com
4-119
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 4 C Commands
crypto global domain ipsec security-association lifetime
crypto global domain ipsec security-association lifetime
To configure global parameters for IPsec, use the crypto global domain ipsec security-association
lifetime command. To revert to the default, use the no form of the command.
crypto global domain ipsec security-association lifetime {gigabytes number | kilobytes number |
megabytes number | seconds number}
no crypto global domain ipsec security-association lifetime {gigabytes | kilobytes | megabytes
| seconds}
Syntax Description
Defaults 450 gigabytes and 3600 seconds
Command Modes Configuration mode.
Command History
Usage Guidelines To use this command, IPsec must be enabled using the crypto ipsec enable command.
The global security association lifetime value can be overridden for individual IPsec crypto maps using
the set command in IPsec crypto map configuration submode.
Examples The following example shows how to configure the system default before the IPsec.
switch# config terminal
switch(config)# crypto global domain ipsec security-association lifetime gigabytes 500
Related Commands
gigabytes number Specifies a volume-based key duration in gigabytes. The range is 1 to 4095.
kilobytes number Specifies a volume-based key duration in kilobytes. The range is 2560 to
2147483647.
megabytes number Specifies a volume-based key duration in megabytes. The range is 3 to
4193280.
seconds number Specifies a time-based key duration in seconds. The range is 120 to 86400.
Release Modification
2.0(x) This command was introduced.
Command Description
crypto ipsec enable Enables IPsec.
set (IPsec crypto map
configuration submode)
Configures IPsec crypto map entry parameters.
show crypto global domain ipsec Displays the global attributes for IPsec.
To Next Page
Loading...
Need help?
General
