2146
C
140: IPS
HAPTER
EC
Related command:
Example
sa encryption-hex
Syntax
View
Parameter
Description
C
C
ONFIGURATION
OMMANDS
Use the
undo sa duration
By default, the time-based global SA lifetime is 3,600 seconds, and traffic-based
SA lifetime is 1,843,200 kilobytes.
Note that:
When negotiating to set up an SA, IKE prefers the lifetime of the IPSec policy
■
that it uses. If the IPSec policy is not configured with its lifetime, IKE uses the
global SA lifetime.
When negotiating to set up an SA, IKE prefers the shorter one of the local
■
lifetime and that proposed by the remote.
The SA lifetime applies to only IKE negotiated SAs; it takes no effect on
■
manually configured SAs.
ipsec sa global-duration, ipsec policy (system view).
# Set the SA lifetime for the IPSec policy to 2 hours, that is, 7,200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for the IPSec policy to 20 Mbytes, that is, 20,480 kilobytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
IPSec policy view
inbound: Specifies the inbound SA through which IPSec processes the received
packets.
outbound: Specifies the outbound SA through which IPSec process the sent
packets.
esp: Uses ESP.
hex-key: Encryption key for the SA, in hexadecimal format. The length of the key is
8 bytes for DES and 24 bytes for 3DES.
Use the
sa encryption-hex
Use the
undo sa encryption-hex
command to restore the default.
command to configure an encryption key for an SA.
command to remove the configuration.