51
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the
remote SA lifetime.
Examples
# Set the SA lifetime to 7200 seconds for IPsec policy
policy1
.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime to 20 MB for IPsec policy
policy1
. The IPsec SA expires after transmitting
20480 kilobytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
Related commands
display ipsec sa
ipsec sa global-duration
sa hex-key authentication
Use
sa hex-key authentication
to configure an authentication key for a manual IPsec SA.
Use
undo sa hex-key authentication
to delete an authentication key for a manual IPsec SA.
Syntax
sa hex-key
authentication
{
inbound
|
outbound
}
{
ah
|
esp
}
{
cipher
|
simple
}
string
undo sa hex-key
authentication
{
inbound
|
outbound
}
{
ah
|
esp
}
Default
No hexadecimal authentication keys are configured for manual IPsec SAs.
Views
IPsec policy view
IPsec profile view
Predefined user roles
network-admin
Parameters
inbound
: Specifies a hexadecimal authentication key for the inbound SA.
outbound
: Specifies a hexadecimal authentication key for the outbound SA.
ah
: Uses AH.
esp
: Uses ESP.
cipher
: Specifies a key in encrypted form.
simple
: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string
: Specifies the key. Its plaintext form is case insensitive and must be a 16-byte hexadecimal
string for HMAC-MD5 and a 20-byte hexadecimal string for HMAC-SHA1. Its encrypted form is a
case-sensitive string of 1 to 85 characters.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...