Table of Contents
Advertisement
ipsec lifetime
ipsec local-endpoint
Example 1 using an IP Address
host1(config)#ipsec key manual pre-share ip address 10.10.1.1
host1(config-manual-key)#
Example 2 using an FQDN
host1(config)#ipsec key manual pre-share identity branch245.customer77.isp.net
host1(config-manual-key)#
Example 3 using an FQDN with user@ specification
host1(config)#ipsec key manual pre-share identity
user4919@branch245.customer77.isp.net
host1(config-manual-key)#
Use the no version to delete a manually configured key from the router.
See ipsec key manual pre-share.
Use to set the global (default) lifetime in seconds or volume of traffic in kilobytes.
The IPSec lifetime applies to tunnels that do not have a tunnel lifetime defined.
When either limit is reached, the SA is renegotiated.
To set a lifetime for all SAs on a tunnel, use the tunnel lifetime command.
To set a lifetime for a specific SA, use "lifetime" on page 158 .
Example 1
host1(config)#ipsec lifetime kilobytes 42000000
Example 2
host1(config)#ipsec lifetime seconds 8600
Use the no version to restore the default values of 4294967295 kilobytes and
28800 seconds (8 hours).
See ipsec lifetime.
Use to define a default local endpoint for ISAKMP/IKE negotiations and all IPSec
tunnels for a transport virtual router.
You must specify the IP address used as the local endpoint and the transport
virtual router on which the IP address is defined.
Example
host1(config)#ipsec local-endpoint 10.10.1.1 transport-virtual-router VR#8
Use the no version to delete a local endpoint. You cannot remove an endpoint
if a tunnel is referencing the endpoint.
See ipsec local-endpoint.
Chapter 5: Configuring IPSec
147
Configuration Tasks
Advertisement
Table of Contents
