[x]

IPsec commands > ipsec sa idle-time

 

 Next

ipsec sa idle-time

Use ipsec sa idle-time to enable the global IPsec SA idle timeout feature and set the idle timeout. If no traffic matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted.

Use undo ipsec sa idle-time to disable the global IPsec SA idle timeout feature.

Syntax

ipsec sa idle-time seconds

undo ipsec sa idle-time

Default

The global IPsec SA idle timeout feature is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

seconds: Specifies the IPsec SA idle timeout in the range of 60 to 86400 seconds.

Usage guidelines

This feature applies only to IPsec SAs negotiated by IKE.

The IPsec SA idle timeout can also be configured in IPsec policy view, IPsec policy template view, or IPsec profile view, which takes precedence over the global IPsec SA timeout.

Examples

# Enable the global IPsec SA idle timeout feature and set the IPsec SA idle timeout to 600 seconds. 

<Sysname> system-view
[Sysname] ipsec sa idle-time 600

Related commands

display ipsec sa

sa idle-time

prev

 

up

 next

ipsec sa global-duration 

home

 ipsec transform-set

© Copyright 2018 Hewlett Packard Enterprise Development LP