[x]

IKEv2 commands > sa duration

 

 Next

sa duration

Use sa duration to set the IKEv2 SA lifetime.

Use undo sa duration to restore the default.

Syntax

sa duration seconds

undo sa duration

Default

The IKEv2 SA lifetime is 86400 seconds.

Views

IKEv2 profile view

Predefined user roles

network-admin

mdc-admin

Parameters

seconds: Specifies the IKEv2 SA lifetime in seconds, in the range of 120 to 86400.

Usage guidelines

An IKEv2 SA can be used for subsequent IKEv2 negotiations before its lifetime expires, saving a lot of negotiation time. However, the longer the lifetime, the higher the possibility that attackers collect enough information and initiate attacks.

Two peers can have different IKEv2 SA lifetime settings, and they do not perform lifetime negotiation. The peer with a shorter lifetime always initiates the rekeying.

Examples

# Create an IKEv2 profile named profile1.

<Sysname> system-view
[Sysname] ikev2 profile profile1

# Set the IKEv2 SA lifetime to 1200 seconds.

[Sysname-ikev2-profile-profile1] sa duration 1200

Related commands

display ikev2 profile

prev

 

up

 next

reset ikev2 statistics 

home

 SSH commands

© Copyright 2018 Hewlett Packard Enterprise Development LP