ipsec sa idle-time
Use ipsec sa idle-time to enable the global IPsec SA idle timeout feature and set the idle timeout. If no traffic matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted.
Use undo ipsec sa idle-time to disable the global IPsec SA idle timeout feature.
Syntax
ipsec sa idle-time seconds
undo ipsec sa idle-time
Default
The global IPsec SA idle timeout feature is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
seconds: Specifies the IPsec SA idle timeout in the range of 60 to 86400 seconds.
Usage guidelines
This feature applies only to IPsec SAs negotiated by IKE.
The IPsec SA idle timeout can also be configured in IPsec policy view, IPsec policy template view, or IPsec profile view, which takes precedence over the global IPsec SA timeout.
Examples
# Enable the global IPsec SA idle timeout feature and set the IPsec SA idle timeout to 600 seconds.
<Sysname> system-view [Sysname] ipsec sa idle-time 600
Related commands
display ipsec sa
sa idle-time