sa duration (ike-proposal)

Function

The sa duration command specifies the ISAKMP SA duration for an IKE proposal.

The undo sa duration command restores the default setting.

By default, the lifetime is 86400 seconds.

This command is supported only on the NetEngine 8000 F1A.

Format

sa duration sa-duration

undo sa duration

Parameters

Parameter   | Description                                 | Value
sa-duration | Indicates the value of ISAKMP SA duration.  | It is an integer and ranges from 60 to 604800 seconds.

Views

IKE proposal view

Default Level

2: Configuration level

Task Name and Operations

Task Name | Operations
ike       | write

Usage Guidelines

When the duration expires, the ISAKMP SA is updated automatically. IKE negotiation requires a DH calculation, which takes a long time, so set the duration to a value longer than 10 minutes to make sure that updating the ISAKMP SA does not affect secure communication.

Before the set duration expires, a new SA is negotiated to replace the original SA. The original SA is still in use if the negotiation of a new SA is not complete. When the new SA is established, it is used immediately. The original SA is automatically cleared.
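
An added example (not Huawei's code) that audits a saved configuration for IKE proposals whose ISAKMP SA duration is outside the 60 to 604800 second range or is not longer than the 10 minutes recommended above; a proposal with no sa duration line is treated as using the 86400 second default. The configuration layout (proposal header at column 0, indented sub-commands, # separators), the sample text and the function names are assumptions.

```python
import re

# Values taken from this page: default lifetime, allowed range, and the
# "longer than 10 minutes" guidance from the usage guidelines.
DEFAULT_SA_DURATION = 86400
MIN_SA_DURATION, MAX_SA_DURATION = 60, 604800
RECOMMENDED_FLOOR = 600  # 10 minutes, in seconds

PROPOSAL_RE = re.compile(r"^ike proposal (\S+)\s*$")
DURATION_RE = re.compile(r"^\s+sa duration (\d+)\s*$")

# Constructed sample input (assumed layout), not output from a real device.
SAMPLE_CONFIG = """\
#
ike proposal 10
 sa duration 100
#
ike proposal 20
#
ike proposal 30
 sa duration 3600
#
ike proposal 40
 sa duration 30
#
"""

def classify(seconds):
    """Return a list of findings for one ISAKMP SA duration value."""
    if not MIN_SA_DURATION <= seconds <= MAX_SA_DURATION:
        return ["out-of-range"]
    if seconds <= RECOMMENDED_FLOOR:  # guidance says *longer than* 10 minutes
        return ["below-recommended"]
    return []

def audit_ike_proposals(config_text):
    """Return {proposal: (effective_duration, findings)} for each IKE proposal."""
    durations, current = {}, None
    for line in config_text.splitlines():
        header = PROPOSAL_RE.match(line)
        if header:
            current = header.group(1)
            durations[current] = DEFAULT_SA_DURATION  # default until overridden
        elif line and not line[0].isspace():
            current = None  # any other top-level line leaves the proposal view
        elif current is not None:
            setting = DURATION_RE.match(line)
            if setting:
                durations[current] = int(setting.group(1))
    return {name: (value, classify(value)) for name, value in durations.items()}

if __name__ == "__main__":
    for name, (value, findings) in audit_ike_proposals(SAMPLE_CONFIG).items():
        print(f"ike proposal {name}: {value}s {findings or 'ok'}")
```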

Example

# Set the ISAKMP SA duration to 100 seconds for IKE proposal 10.
<HUAWEI> system-view
[~HUAWEI] ike proposal 10
[*HUAWEI-ike-proposal-10] sa duration 100
Copyright © Huawei Technologies Co., Ltd.