Sa Idle-Time - HP 6125XLG Command Reference Manual

If you configure a key in different formats (hexadecimal or character format), only the most recent
configuration takes effect.
The keys for the IPsec SAs at the two tunnel ends must be configured in the same format (either in
hexadecimal or character format). Otherwise, they cannot establish an IPsec tunnel.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Examples
# Configure plaintext encryption keys 0x1234567890abcdef and 0xabcdefabcdef1234 for the inbound
and outbound IPsec SAs that use ESP.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 manual
[Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption inbound esp simple
1234567890abcdef
[Sysname-ipsec-policy-manual-policy1-100] sa hex-key encryption outbound esp simple
abcdefabcdef1234
Related commands
display ipsec sa
•
sa string-key
•

sa idle-time

Use sa idle-time to set the IPsec SA idle timeout for an IPsec policy or IPsec policy template. If no traffic
matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted.
Use undo sa idle-time to restore the default.
Syntax
sa idle-time seconds
undo sa idle-time
Default
An IPsec policy or IPsec policy template uses the global IPsec SA idle timeout.
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
seconds: Specifies the IPsec SA idle timeout, in the range of 60 to 86400 seconds.
Usage guidelines
This function applies only to IPsec SAs negotiated by IKE and takes effect when the ipsec sa idle-time
command has been configured.
The IPsec SA idle timeout configured in IPsec policy view or IPsec policy template view takes precedence
over the global IPsec SA timeout configured by the ipsec sa idle-time command.
Examples
# Set the IPsec SA idle timeout to 600 seconds for the IPsec policy.
271