3Com Router 5000 Family and Router 6000 Family
Command Reference Guide
sa duration
Purpose Use the sa duration command to set the SA duration of the IPSec policy.
Use the undo sa duration command to cancel the SA duration, that is, to restore the
use of the global SA duration.
Syntax sa duration { traffic-based kilobytes | time-based seconds }
undo sa duration { traffic-based | time-based }
Parameters time-based seconds
Time-based SA duration (in seconds). Valid values are
30 to 604800 seconds.
If no value is specified, the default is 3600 seconds (1
hour).
traffic-based kilobytes
Traffic-based SA duration (in kilobytes). Valid values are
256 to 4194303.
If no value is specified, the default is 1843200
kilobytes.
Example Set the SA duration for the IPSec policy shenzhen 100 to 2 hours, that is, 7200
seconds.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200
Set the SA duration for the IPSec policy shenzhen 100 to 20M bytes, that is, the SA
expires when the traffic exceeds 20000 kilobytes.
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000
View This command can be used in the following views:
■ IPSec Policy view
■ IPSec Policy Template view
Description When IKE negotiates to establish an SA, if the adopted IPSec policy is not configured
with its own duration, the system uses the global SA duration to negotiate with
the peer. If the IPSec policy is configured with its own duration, the system uses
the duration of the IPSec policy to negotiate with the peer. When IKE negotiates to
set up an SA for IPSec, the shorter of the lifetime set locally and the lifetime proposed by
the remote peer is selected.
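The selection rule above can be checked offline against a saved CLI transcript. The following Python sketch is an added example, not 3Com code: it validates sa duration values against the ranges on this page and computes the lifetime that would be negotiated with a peer. The global durations, the peer proposal, the policy name beijing and applying the "shorter wins" rule separately to each lifetime type are assumptions.

```python
import re

# Ranges come from the Parameters section; the global durations are ASSUMED
# values (seconds, kilobytes) and must be replaced with the device's setting.
RANGES = {"time-based": (30, 604800), "traffic-based": (256, 4194303)}
ASSUMED_GLOBAL = {"time-based": 3600, "traffic-based": 1843200}
POLICY_RE = re.compile(r"^\[3Com\]\s+ipsec policy (\S+) (\d+)")
SET_RE = re.compile(r"sa duration (time-based|traffic-based) (\d+)\s*$")
UNDO_RE = re.compile(r"undo sa duration (time-based|traffic-based)\s*$")


def parse_policies(config_text):
    """Return {(name, seq): {kind: value}} for each policy in a CLI transcript."""
    policies, current = {}, None
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            current = (m.group(1), int(m.group(2)))
            policies.setdefault(current, {})
            continue
        m = UNDO_RE.search(line)
        if m and current:
            policies[current].pop(m.group(1), None)  # falls back to global
            continue
        m = SET_RE.search(line)
        if m and current:
            kind, value = m.group(1), int(m.group(2))
            low, high = RANGES[kind]
            if not low <= value <= high:
                raise ValueError(f"{current}: {kind} {value} outside {low}-{high}")
            policies[current][kind] = value
    return policies


def negotiated(policy, peer, global_duration=ASSUMED_GLOBAL):
    """Use the policy's own value if set, else the global; shorter side wins."""
    return {k: min(policy.get(k, global_duration[k]), peer[k]) for k in RANGES}


# Constructed sample: the two examples on this page plus a policy (beijing)
# that has no duration of its own, and a constructed peer proposal.
SAMPLE = """\
[3Com] ipsec policy shenzhen 100 isakmp
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration time-based 7200
[3Com-ipsec-policy-isakmp-shenzhen-100] sa duration traffic-based 20000
[3Com] ipsec policy beijing 10 isakmp
"""
PEER = {"time-based": 3600, "traffic-based": 1843200}

print({k: negotiated(p, PEER) for k, p in parse_policies(SAMPLE).items()})
```

A policy whose configured lifetime is much longer than the peer's still rekeys on the peer's shorter value, so an audit should compare both ends rather than one configuration in isolation.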
There are two types of SA duration: time-based (in seconds) and traffic-based (in
kilobytes) lifetimes. With a traffic-based SA duration, the valid time of the SA is
measured by the total traffic that this SA can process, and the SA
becomes invalid when the set value is exceeded. No matter which one of the two types