Table of Contents
Advertisement
3Com Command Reference Guide — V1.00
Modifying the global lifetime will not affect a map that has individually set up its own
lifetime, or an SA already set up. But the modified global lifetime will be used to set
up a new SA in the future IKE negotiation.
The secret key in the SA is invalidated when the SA is invalidated. A short lifetime will
make it difficult for the attacker to break the password, as the attacker can only get
less encrypted data about the same secret key. And a short lifetime will use more
CPU resource to set up a new SA.
The lifetime does not function for an SA manually set up, that is, the SA manually set
up will never be invalidated.
For related commands, see sa duration, display ipsec sa duration.
Example
# Configure the global SA lifetime to 2 hours.
[3Com]ipsec sa global-duration time-based 7200
# Configure the global crypto SA lifetime to 10M bytes transmitted.
[3Com]ipsec sa global-duration traffic-based 10000
4.1.31 proposal
Syntax
proposal proposal-name1 [ proposal-name2...proposal-name6 ]
undo proposal
View
IPSec policy view
Parameter
proposal-name: Name of a proposal set.
Description
Using the proposal command, you can configure the proposal configure used by the
IPSec policy. Using the undo proposal command, you can cancel the proposal set
used by the IPSec policy.
This command is applicable to the IPSec module of the operating system and crypto
card.
74
- Quick Links:
- Command Line Interface Commands
Hide quick links:
Advertisement
Chapters
Table of Contents
