[x]

IPsec commands > sa idle-time

 

 Next

sa idle-time

Use sa idle-time to set the IPsec SA idle timeout. If no traffic matches an IPsec SA within the idle timeout interval, the IPsec SA is deleted.

Use undo sa idle-time to restore the default.

Syntax

sa idle-time seconds

undo sa idle-time

Default

An IPsec policy, IPsec policy template, or IPsec profile uses the global IPsec SA idle timeout.

Views

IPsec policy view

IPsec policy template view

IPsec profile view

Predefined user roles

network-admin

mdc-admin

Parameters

seconds: Specifies the IPsec SA idle timeout in the range of 60 to 86400 seconds.

Usage guidelines

This feature applies only to IPsec SAs negotiated by IKE and takes effect after the ipsec sa idle-time command is configured.

The IPsec SA idle timeout configured by this command takes precedence over the global IPsec SA timeout configured by the ipsec sa idle-time command. If the IPsec policy, IPsec policy template, or IPsec profile is not configured with the SA idle timeout, IKE uses the global SA idle timeout.

Examples

# Set the IPsec SA idle timeout to 600 seconds for IPsec policy map. 

<Sysname> system-view
[Sysname] ipsec policy map 100 isakmp
[Sysname-ipsec-policy-isakmp-map-100] sa idle-time 600

Related commands

display ipsec sa

ipsec sa idle-time

prev

 

up

 next

sa hex-key encryption 

home

 sa spi

© Copyright 2018 Hewlett Packard Enterprise Development LP