Table of Contents
Advertisement
traffic-based kilobytes
4294967295 Kilobytes.
Usage guidelines
IKE prefers the SA lifetime of the IPsec policy, IPsec profile, or IPsec policy template over the global
SA lifetime configured by the
profile, or IPsec policy template is not configured with the SA lifetime, IKE uses the global SA lifetime
for SA negotiation.
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the
remote SA lifetime.
Examples
# Set the SA lifetime to 7200 seconds for IPsec policy policy1.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-policy-isakmp-policy1-100
# Set the SA lifetime to 20 MB for IPsec policy policy1. The IPsec SA expires after transmitting
20480 Kilobytes.
<Sysname> system-view
[
]
Sysname
[
Sysname-ipsec-policy-isakmp-policy1-100
Related commands
display ipsec sa
ipsec sa global-duration
sa hex-key authentication
Use
sa hex-key authentication
IPsec SAs.
Use
undo sa hex-key authentication
Syntax
sa hex-key authentication { inbound | outbound } { ah | esp } { cipher |
simple } string
undo sa hex-key authentication { inbound | outbound } { ah | esp }
Default
No hexadecimal authentication key is configured for manual IPsec SAs.
Views
IPsec policy view
IPsec profile view
Predefined user roles
network-admin
Parameters
: Specifies a hexadecimal authentication key for the inbound SA.
inbound
: Specifies a hexadecimal authentication key for the outbound SA.
outbound
: Uses AH.
ah
: Specifies the traffic-based SA lifetime in the range of 2560 to
ipsec sa global-duration
ipsec policy policy1 100 isakmp
ipsec policy policy1 100 isakmp
]
sa duration time-based 7200
]
sa duration traffic-based 20480
to configure a hexadecimal authentication key for manual
to remove the hexadecimal authentication key.
56
command. If the IPsec policy, IPsec
Advertisement
Chapters
Table of Contents
