Cisco Systems C7200 Network Cables User Manual


 
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Configuration Tasks
To change a global lifetime for IPSec security associations, use one or more of the following commands:
Note: The clear commands in Step 5 below are in EXEC or enable mode (see “Using the EXEC Command Interpreter” section on page 4-2 for more details).

Step 1
    Command: Router# enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
    Command: Router# configure terminal
    Purpose: Enters global configuration mode.

Step 3
    Command: Router(config)# crypto ipsec security-association lifetime seconds seconds
    Purpose: Changes global lifetime values used when negotiating IPSec security associations (SAs). To reset a lifetime to the default value, use the no form of this command.
             Specifies the number of seconds a security association will live before expiring. The default is 3600 seconds (one hour).

Step 4
    Command: Router(config)# crypto ipsec security-association lifetime kilobytes kilobytes
    Purpose: Changes the global “traffic-volume” lifetime for IPSec SAs.
             Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers using a given security association before that security association expires. The default is 4,608,000 kilobytes.

Step 5
    Command: Router# clear crypto sa
             or
             Router# clear crypto sa peer {ip-address | peer-name}
             or
             Router# clear crypto sa map map-name
             or
             Router# clear crypto sa spi destination-address protocol spi
    Purpose: (Optional) Clears existing security associations. This causes any existing security associations to expire immediately; future security associations will use the new lifetimes. Otherwise, any existing security associations will expire according to the previously configured lifetimes.
             Note: Using the clear crypto sa command without parameters will clear out the full SA database, which will clear out active security sessions. You may also specify the peer, map, or spi keywords to clear out only a subset of the SA database. For more information, see the clear crypto sa command.
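
The following added example (not part of the Cisco guide) audits a saved configuration for the lifetimes set in Steps 3 and 4, applying the defaults stated above when a command is absent. It goes beyond this page by also reading the per-crypto-map "set security-association lifetime" override, which is standard IOS syntax not shown here; the sample configuration, the function names and the policy ceilings are assumptions made for illustration.

```python
import re

# Defaults stated in the guide for the two global lifetimes.
DEFAULTS = {"seconds": 3600, "kilobytes": 4_608_000}
GLOBAL_RE = re.compile(r"^crypto ipsec security-association lifetime (seconds|kilobytes) (\d+)\s*$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ")
OVERRIDE_RE = re.compile(r"^\s+set security-association lifetime (seconds|kilobytes) (\d+)\s*$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
crypto ipsec security-association lifetime seconds 1800
!
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set security-association lifetime seconds 86400
crypto map VPN 20 ipsec-isakmp
 set peer 192.0.2.2
!
interface GigabitEthernet0/1
 crypto map VPN
"""

def effective_lifetimes(config: str) -> dict:
    """Map "global" and each "<map> <seq>" entry to its effective lifetimes."""
    global_lt = dict(DEFAULTS)   # an absent command means the default applies
    overrides, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None       # any top-level line ends the crypto map sub-mode
        if m := GLOBAL_RE.match(line):
            global_lt[m.group(1)] = int(m.group(2))
        elif m := MAP_RE.match(line):
            current = f"{m.group(1)} {m.group(2)}"
            overrides[current] = {}
        elif (m := OVERRIDE_RE.match(line)) and current:
            overrides[current][m.group(1)] = int(m.group(2))
    # A map entry inherits the global value for any unit it does not override.
    return {"global": global_lt, **{e: {**global_lt, **ov} for e, ov in overrides.items()}}

def exceeds_policy(config: str, max_seconds: int, max_kilobytes: int) -> list:
    """List (scope, unit, value) for every effective lifetime above the ceiling."""
    limits = {"seconds": max_seconds, "kilobytes": max_kilobytes}
    return [(scope, unit, value)
            for scope, lt in effective_lifetimes(config).items()
            for unit, value in lt.items()
            if value > limits[unit]]

if __name__ == "__main__":
    # Hypothetical policy: nothing longer than the documented defaults.
    print(exceeds_policy(SAMPLE_CONFIG, max_seconds=3600, max_kilobytes=4_608_000))
```

After lowering a lifetime, remember that existing SAs keep their previously negotiated lifetimes until they expire or are cleared as described in Step 5.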