Table of Contents
Advertisement
lifetime
Refreshing SAs
ipsec clear sa
Copyright © 2010, Juniper Networks, Inc.
Use to define an IKE policy.
When you enter the command, you include a number that identifies the policy and
assigns a priority to the policy. You can number policies in the range 1–10000, with 1
having the highest priority.
You can add up to 10 IKE policies per router.
Example
host1(config)#ipsec ike-policy-rule 3
host1(config-ike-policy)#
Use the no version to remove policies. If you do not include a priority number with the
no version, all policies are removed.
See ipsec ike-policy-rule.
See ipsec isakmp-policy-rule.
Use to specify the lifetime of IKE SAs.
The range is 60–86400 seconds.
host1(config-ike-policy)#lifetime 360
Use the no version to reset the SA lifetime to the default, 28800 seconds.
See lifetime.
To refresh ISAKMP/IKE or IPSec SAs:
host1(config)#ipsec clear sa tunnel ipsec:Aottawa2boca phase 2
Use to refresh ISAKMP/IKE or IPSec SAs.
To reinitialize all SAs, use the all keyword.
To reinitialize SAs on a specific tunnel, use the tunnel keyword.
To reinitialize SAs on tunnels that are in a specific state, use the state keyword.
To specify the type of SA to be reinitialized, ISAKMP/IKE or IPSEC, use the phase
keyword.
Example
host1(config)#ipsec clear sa all phase 2
There is no no version.
See ipsec clear sa.
Chapter 5: Configuring IPSec
151
Advertisement
Table of Contents
