Ipsec Sa Global-Duration - HP 5920 Command Reference Manual
Hide thumbs
Also See for 5920:
- Command reference manual (607 pages) ,
- Configuration manual (424 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
manual: Specifies the IPsec SA setup mode as manual.
Usage guidelines
When you create an IPsec profile, you must specify the IPsec SA setup mode (manual). When you enter
the view of an existing IPsec profile, you do not need to specify the IPsec SA setup mode.
An IPsec profile is similar to a manual IPsec policy. It is dedicatedly used for IPsec protection for
application protocols, including OSPFv3, IPv6 BGP, and RIPng.
Examples
# Create an IPsec profile named profile1.
<Sysname> system-view
[Sysname] ipsec profile profile1 manual
[Sysname-ipsec-profile-profile1]
Related commands
display ipsec profile
ipsec sa global-duration
Use ipsec sa global-duration to configure the global IPsec SA lifetime.
Use undo ipsec sa global-duration to restore the default.
Syntax
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
Default
The time-based global lifetime is 3600 seconds, and the traffic-based global lifetime is 1843200 bytes.
Views
System view
Predefined user roles
network-admin
Parameters
time-based seconds: Specifies the time-based global lifetime for IPsec SAs, in the range of 180 to
604800 seconds.
traffic-based kilobytes: Specifies the traffic-based global lifetime for IPsec SAs, in the range of 2560 to
4294967295 kilobytes. When traffic on an SA reaches this value, the SA expires.
Usage guidelines
You can also configure IPsec SA lifetimes in IPsec policy view or IPsec policy template view. The device
prefers the IPsec SA lifetimes configured in IPsec policy view or IPsec policy template view over the global
IPsec SA lifetimes.
347
Advertisement
Table of Contents
