Enterasys X-Pedition XSR CLI Reference Manual page 571

Enterasys security router reference guide

Mode
Crypto Transform configuration: XSR(cfg-crypto-tran)#
Example
This example selects PFS group 2 whenever a new SA is negotiated for crypto map ACMEmap:
XSR(config)#crypto map ACMEmap 7 ipsec-isakmp
XSR(config)#crypto ipsec transform-set t-set1 esp-3des esp-sha-hmac
XSR(cfg-crypto-tran)#set pfs group2
set security-association lifetime
This command sets the lifetime interval used when negotiating IPSec Security Associations (SAs).
Data passing through the XSR is encrypted using keys generated during the IKE exchange. The
lifetime of those keys may be defined in seconds or in the volume of data encrypted using
those keys. When that lifetime expires, new keys are generated and traffic continues to be passed
using the new keys.
Syntax
set security-association lifetime {seconds seconds | kilobytes kilobytes}
seconds    The interval an SA lives before expiring, ranging from 300 to 86,400,000 seconds.
kilobytes  The volume of traffic, in KBytes, that can pass between IPSec peers using a given SA before that SA expires, ranging from 1 MByte to 1000 GBytes.
Syntax of the "no" Form
The no form of this command disables the specified lifetime metric. It does not reset the default:
no set security-association lifetime {seconds | kilobytes}
Default
3600 seconds with no limit on traffic volume.
Mode
Crypto Transform configuration: XSR(cfg-crypto-tran)#
Example
The following example sets the SA lifetime to 7,200 KBytes and disables the seconds parameter:
XSR(cfg-crypto-tran)#set security-association lifetime kilobytes 7200
XSR(cfg-crypto-tran)#no set security-association lifetime seconds
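The lifetime semantics described above (default, ranges, and the no form), as an added example that is not part of the Enterasys manual: a Python check that replays lifetime commands from a saved configuration and reports the effective values. The function name, the sample input, and the KByte conversion of the stated range (1 MByte = 1024 KBytes) are assumptions.

```python
import re

# Ranges and default as stated in the reference page above.
SECONDS_RANGE = (300, 86_400_000)
# Assumption: 1 MByte = 1024 KBytes and 1000 GBytes = 1000 * 1024 * 1024 KBytes.
KILOBYTES_RANGE = (1024, 1000 * 1024 * 1024)
DEFAULTS = {"seconds": 3600, "kilobytes": None}  # None = metric not enforced

CMD = re.compile(
    r"^(?:\S+#)?\s*(?P<no>no\s+)?set\s+security-association\s+lifetime\s+"
    r"(?P<metric>seconds|kilobytes)(?:\s+(?P<value>\d+))?\s*$"
)

def effective_lifetime(lines):
    """Replay lifetime commands in order; return (state, findings)."""
    state, findings = dict(DEFAULTS), []
    for n, line in enumerate(lines, 1):
        m = CMD.match(line.strip())
        if not m:
            continue  # not a lifetime command
        metric, value = m["metric"], m["value"]
        if m["no"]:
            state[metric] = None  # the "no" form disables the metric
            continue
        if value is None:
            findings.append(f"line {n}: missing value for {metric}")
            continue
        lo, hi = SECONDS_RANGE if metric == "seconds" else KILOBYTES_RANGE
        if not lo <= int(value) <= hi:
            findings.append(f"line {n}: {metric} {value} outside {lo}-{hi}")
            continue
        state[metric] = int(value)
    if state["seconds"] is None and state["kilobytes"] is None:
        findings.append("no lifetime metric active")
    return state, findings

# Constructed sample: the two commands from the page's example.
SAMPLE = [
    "XSR(cfg-crypto-tran)#set security-association lifetime kilobytes 7200",
    "XSR(cfg-crypto-tran)#no set security-association lifetime seconds",
]

if __name__ == "__main__":
    print(effective_lifetime(SAMPLE))
```

The check models only what the page states; it does not query a device.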
Crypto Transform Mode Commands
XSR CLI Reference Guide 14-117
