About SA Lifetime Negotiation; Setting the SA Lifetime - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Cisco MDS 9000 Family CLI Configuration Guide - Release 4.x (OL-18084-01, February 2009)
Chapter 37
Configuring IPsec Network Security
Send documentation comments to mdsfeedback-doc@cisco.com
| Step | Command | Purpose |
|---|---|---|
| Step 6 | switch(config-crypto-map-ip)# set transform-set SampleTransform1 SampleTransform2 | Specifies which transform sets are allowed for the specified crypto map entry or entries. List multiple transform sets in order of priority (highest priority first). |
| | switch(config-crypto-map-ip)# no set transform-set | Deletes the association of all transform sets (regardless of whether you specify a transform set name). |

About SA Lifetime Negotiation

You can override the global lifetime values (size and time) by configuring an SA-specific lifetime value. To specify SA lifetime negotiation values, you can optionally configure the lifetime value for a specified crypto map. If you do, this value overrides the globally set values. If you do not specify the crypto-map-specific lifetime, the global value (or global default) is used.

See the "Global Lifetime Values" section on page 37-28 for more information on global lifetime values.

Setting the SA Lifetime

To set the SA lifetime for a specified crypto map entry, follow these steps:

| Step | Command | Purpose |
|---|---|---|
| Step 1 | switch# config terminal | Enters configuration mode. |
| | switch(config)# | |
| Step 2 | switch(config)# crypto map domain ipsec SampleMap 31 | Enters crypto map configuration submode for the entry named SampleMap with 31 as its sequence number. |
| | switch(config-crypto-map-ip)# | |
| Step 3 | switch(config-crypto-map-ip)# set security-association lifetime seconds 8640 | Specifies an SA lifetime for this crypto map entry that differs from the global IPsec SA lifetimes. |
| | switch(config-crypto-map-ip)# no set security-association lifetime seconds 8640 | Deletes the entry-specific configuration and reverts to the global settings. |
| Step 4 | switch(config-crypto-map-ip)# set security-association lifetime kilobytes 2560 | Configures the traffic-volume lifetime for this SA in kilobytes. The lifetime ranges from 2560 to 2147483647 kilobytes. |
| | switch(config-crypto-map-ip)# set security-association lifetime gigabytes 4000 | Configures the traffic-volume lifetime for this SA to time out after the specified amount of traffic (in gigabytes) has passed through the FCIP link using the SA. The lifetime ranges from 1 to 4095 gigabytes. |
| | switch(config-crypto-map-ip)# set security-association lifetime megabytes 5000 | Configures the traffic-volume lifetime for this SA in megabytes. The lifetime ranges from 3 to 4193280 megabytes. |
| | switch(config-crypto-map-ip)# no set security-association lifetime megabytes | Reverts to the global settings. |
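
The following is an added example, not part of the Cisco guide: a Python check that resolves the effective SA lifetime for each crypto map entry (an entry value overrides the global one, "no set" reverts to it) and flags traffic-volume values outside the ranges this section gives. The configuration text and the global values passed in are constructed, and the function name effective_lifetimes is hypothetical.

```python
import re

# Traffic-volume ranges per unit, as stated in the Purpose entries above.
RANGES = {"kilobytes": (2560, 2147483647), "megabytes": (3, 4193280),
          "gigabytes": (1, 4095)}
# Binary multipliers, consistent with those ranges (4095 GB * 1024 = 4193280 MB).
TO_KB = {"kilobytes": 1, "megabytes": 1024, "gigabytes": 1024 ** 2}
ENTRY = re.compile(r"crypto map domain ipsec (\S+) (\d+)$")
LIFETIME = re.compile(r"(no )?set security-association lifetime "
                      r"(seconds|kilobytes|megabytes|gigabytes)(?: (\d+))?$")

# Constructed sample: commands in the form they are entered in the steps above.
SAMPLE = """\
crypto map domain ipsec SampleMap 31
  set security-association lifetime seconds 8640
  set security-association lifetime gigabytes 4000
crypto map domain ipsec SampleMap 32
  set security-association lifetime seconds 8640
  no set security-association lifetime seconds 8640
  set security-association lifetime kilobytes 1024
"""


def effective_lifetimes(config, global_seconds, global_kb):
    """Map (name, seq) -> effective seconds/kilobytes plus range errors.

    Entry-specific values override the globals passed in; a "no set" line
    reverts to them. Assumption: a later line replaces an earlier one.
    """
    defaults = {"seconds": global_seconds, "kilobytes": global_kb}
    result, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := ENTRY.match(line):
            key = (m.group(1), int(m.group(2)))
            current = result.setdefault(key, {**defaults, "errors": []})
        elif current is not None and (m := LIFETIME.match(line)):
            negate, unit, value = m.groups()
            field = "seconds" if unit == "seconds" else "kilobytes"
            lo, hi = RANGES.get(unit, (0, float("inf")))  # no seconds range on this page
            if negate:
                current[field] = defaults[field]
            elif value is None or not lo <= int(value) <= hi:
                current["errors"].append(f"{unit} {value} outside {lo}-{hi}")
            else:
                current[field] = int(value) * TO_KB.get(unit, 1)
    return result
```

Normalizing every volume to kilobytes makes entries comparable with each other and with the global value, whichever unit was used to configure them.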
