Sa Duration - HP 6125XLG Command Reference Manual

Blade switch security command reference
Table of Contents

Advertisement

Predefined user roles
network-admin
Parameters
tunnel-id tunnel-id: Clears IPsec packet statistics for the specified IPsec tunnel. The value range for the
tunnel-id is 0 to 4294967295. If no tunnel ID is specified, the command clears all IPsec packet statistics.
Examples
# Clear all IPsec packet statistics.
<Sysname> reset ipsec statistics
Related commands
display ipsec statistics

sa duration

Use sa duration to set an SA lifetime for an IPsec policy or IPsec policy template.
Use undo sa duration to remove the SA lifetime.
Syntax
sa duration { time-based seconds | traffic-based kilobytes }
undo sa duration { time-based | traffic-based }
Default
The SA lifetime of an IPsec policy or an IPsec policy template is the current global SA lifetime.
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
time-based seconds: Specifies the time-based SA lifetime, in the range of 180 to 604800 seconds.
traffic-based kilobytes: Specifies the traffic-based SA lifetime, in the range of 2560 to 4294967295
kilobytes.
Usage guidelines
IKE prefers the SA lifetime of the IPsec policy over the global SA lifetime. If the IPsec policy is not
configured with the SA lifetime, IKE uses the global SA lifetime configured by the ipsec sa
global-duration command for SA negotiation.
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the remote
SA lifetime.
Examples
# Set the SA lifetime for the IPsec policy policy1 to 7200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
268

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents