Ipsec Sa Global-Duration; Ipsec Session Idle-Time - H3C MSR 20-20 Command Reference Manual
Msr 20/30/50 series routers
Hide thumbs
Also See for MSR 20-20:
- Installation manual (73 pages) ,
- User manual (60 pages) ,
- Supplementary manual (6 pages)
Table of Contents
Advertisement
Example
ipsec sa global-duration
Syntax
View
Parameter
Description
Related command:
Example
ipsec session idle-time
Syntax
# Create an IPSec proposal named newprop1.
<Sysname> system-view
[Sysname] ipsec proposal newprop1
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
System view
seconds: Time-based global SA lifetime in seconds, in the range 180 to 604,800.
kilobytes: Traffic-based global SA lifetime in kilobytes, in the range 256 to
4,194,303.
Use the
ipsec sa global-duration
Use the
undo ipsec sa global-duration
By default, the time-based global SA lifetime is 3,600 seconds, and the
traffic-based global SA lifetime is 1,843,200 kilobytes.
Note that:
When negotiating to set up an SA, IKE prefers the lifetime of the IPSec policy
■
that it uses. If the IPSec policy is not configured with its own lifetime, IKE uses
the global SA lifetime.
When negotiating to set up an SA, IKE prefers the shorter one of the local
■
lifetime and that proposed by the remote.
The SA lifetime applies to only IKE negotiated SAs; it takes no effect on
■
manually configured SAs.
sa duration, display ipsec sa duration.
# Set the time-based global SA lifetime to 2 hours, that is, 7,200 seconds.
<Sysname> system-view
[Sysname] ipsec sa global-duration time-based 7200
# Set the traffic-based global SA lifetime to 10M bytes, that is, 10,240 kilobytes.
[Sysname] ipsec sa global-duration traffic-based 10240
ipsec session idle-time seconds
command to configure the global SA lifetime.
command to restore the default.
2139
Advertisement
Chapters
Table of Contents
