Filter
Top Products
2139
Example # Create an IPSec proposal named newprop1.
<Sysname> system-view
[Sysname] ipsec proposal newprop1
ipsec sa global-duration
Syntax ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
View System view
Parameter seconds: Time-based global SA lifetime in seconds, in the range 180 to 604,800.
kilobytes: Traffic-based global SA lifetime in kilobytes, in the range 256 to
4,194,303.
Description Use the
ipsec sa global-duration command to configure the global SA lifetime.
Use the undo ipsec sa global-duration command to restore the default.
By default, the time-based global SA lifetime is 3,600 seconds, and the
traffic-based global SA lifetime is 1,843,200 kilobytes.
Note that:
■ When negotiating to set up an SA, IKE prefers the lifetime of the IPSec policy
that it uses. If the IPSec policy is not configured with its own lifetime, IKE uses
the global SA lifetime.
■ When negotiating to set up an SA, IKE prefers the shorter one of the local
lifetime and that proposed by the remote.
■ The SA lifetime applies to only IKE negotiated SAs; it takes no effect on
manually configured SAs.
Related command: sa duration, display ipsec sa duration.
Example # Set the time-based global SA lifetime to 2 hours, that is, 7,200 seconds.
<Sysname> system-view
[Sysname] ipsec sa global-duration time-based 7200
# Set the traffic-based global SA lifetime to 10M bytes, that is, 10,240 kilobytes.
[Sysname] ipsec sa global-duration traffic-based 10240
ipsec session idle-time
Syntax ipsec session idle-time seconds