Filter
Top Products
2146 CHAPTER 140: IPSEC CONFIGURATION COMMANDS
Use the undo sa duration command to restore the default.
By default, the time-based global SA lifetime is 3,600 seconds, and traffic-based
SA lifetime is 1,843,200 kilobytes.
Note that:
■ When negotiating to set up an SA, IKE prefers the lifetime of the IPSec policy
that it uses. If the IPSec policy is not configured with its lifetime, IKE uses the
global SA lifetime.
■ When negotiating to set up an SA, IKE prefers the shorter one of the local
lifetime and that proposed by the remote.
■ The SA lifetime applies to only IKE negotiated SAs; it takes no effect on
manually configured SAs.
Related command: ipsec sa global-duration, ipsec policy (system view).
Example # Set the SA lifetime for the IPSec policy to 2 hours, that is, 7,200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for the IPSec policy to 20 Mbytes, that is, 20,480 kilobytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
sa encryption-hex
Syntax sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
View IPSec policy view
Parameter inbound: Specifies the inbound SA through which IPSec processes the received
packets.
outbound: Specifies the outbound SA through which IPSec process the sent
packets.
esp: Uses ESP.
hex-key: Encryption key for the SA, in hexadecimal format. The length of the key is
8 bytes for DES and 24 bytes for 3DES.
Description Use the
sa encryption-hex command to configure an encryption key for an SA.
Use the
undo sa encryption-hex command to remove the configuration.