Configuring Ike Peer - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
Table 8-6 Select Diffie-Hellman group ID
Select Diffie-Hellman group ID
Restore the default value of Diffie-Hellman
group ID
By default, 768-bit Diffie-Hellman group (group 1) is selected.
VI. Configuring lifetime of ISAKMP SA (optional)
This configuration is used to specify the lifetime of ISAKMP SA used by an IKE
proposal.
Perform the following configuration in IKE proposal view.
Table 8-7 Set sa duration of IKE SA
Configure lifetime of IKE SA.
Restore the default lifetime.
If sa duration expires, the ISAKMP SA will automatically update. The SA lifetime can
be set as one number between 60 and 604800 seconds. As the time spent calculating
DH during IKE negotiation is long on a low-end router, consider to set the sa duration
greater than 10 minutes to prevent ISAKMP SA updates from affecting security
communication.
The SA will negotiate another one to replace the old SA before the set SA duration is
exceeded. The starting time of the soft timeout is 90% of the SA duration timeout. The
old SA will be cleared automatically when the SA duration is exceeded, which can be
called hard timeout.
By default, the ISAKMP SA duration is 86400 seconds (a day).

8.2.3 Configuring IKE Peer

I. Creating an IKE peer
Perform the following configuration in system view.
Table 8-8 Configure IKE peer
Configure an IKE peer and access the IKE peer view.
Delete the IKE peer.
Operation
Operation
Operation
3Com Corporation
8-7
Chapter 8 IKE Configuration
Command
dh { group1 | group2 | dh-group5
| dh-group14 }
undo dh
Command
sa duration seconds
undo sa duration
ike peer peer-name
undo ike peer peer-name
Command