R3303-HP HSR6800 Routers Security Command Reference
344
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO--TIMEOUT RK--REKEY
<Sysname> reset ike sa 2
<Sysname> display ike sa
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 202.38.0.2 RD|ST 1 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO——TIMEOUT RK--REKEY
Related commands
display ike sa
sa duration
Use sa duration to set the ISAKMP SA lifetime for an IKE proposal.
Use undo sa duration to restore the default.
Syntax
sa duration seconds
undo sa duration
Default
The ISAKMP SA lifetime is 86400 seconds.
Views
IKE proposal view
Default command level
2: System level
Parameters
Seconds: Specifies the ISAKMP SA lifetime in seconds, in the range of 60 to 604800.
Usage guidelines
Before an SA expires, IKE negotiates a new SA. The new SA takes effect immediately after being set up,
and the old one will be cleared automatically when it expires.
Examples
# Specify the ISAKMP SA lifetime for IKE proposal 10 as 600 seconds (10 minutes).
<Sysname> system-view
[Sysname] ike proposal 10
[Sysname-ike-proposal-10] sa duration 600