Sa Idle-Time; Sa Spi - HP FlexFabric 7900 Series Command Reference Manual

sa idle-time

Use sa idle-time to set the IPsec SA idle timeout for an IPsec policy. If no traffic matches an IPsec SA within
the idle timeout interval, the IPsec SA is deleted.
Use undo sa idle-time to restore the default.
Syntax
sa idle-time seconds
undo sa idle-time
Default
An IPsec policy uses the global IPsec SA idle timeout.
Views
IPsec policy view
Predefined user roles
network-admin
Parameters
seconds: Specifies the IPsec SA idle timeout in the range of 60 to 86400 seconds.
Usage guidelines
This function applies only to IPsec SAs negotiated by IKE and takes effect when the ipsec sa idle-time
command has been configured.
The IPsec SA idle timeout configured in IPsec policy view takes precedence over the global IPsec SA
timeout configured by the ipsec sa idle-time command.
Examples
# Set the IPsec SA idle timeout to 600 seconds for the IPsec policy.
<Sysname> system-view
[Sysname] ipsec policy map 100 isakmp
[Sysname-ipsec-policy-isakmp-map-100] sa idle-time 600
Related commands
display ipsec sa
•
• ipsec sa idle-time

sa spi

Use sa spi to configure an SPI for IPsec SAs.
Use undo sa spi to remove the SPI.
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
Default
No SPI is configured for IPsec SAs.
143