R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101

By default, an IPsec proposal created with the ipsec proposal command uses ESP as the security protocol,
DES as the encryption algorithm, and MD5 as the authentication algorithm.
Related commands: display ipsec proposal.
Examples
# Create an IPsec proposal named newprop1.
<Sysname> system-view
[Sysname] ipsec proposal newprop1
ipsec sa global-duration
Syntax
ipsec sa global-duration { time-based seconds | traffic-based kilobytes }
undo ipsec sa global-duration { time-based | traffic-based }
View
System view
Default level
2: System level
Parameters
seconds: Time-based global SA lifetime in seconds, in the range 180 to 604800.
kilobytes: Traffic-based global SA lifetime in kilobytes, in the range 2560 to 4294967295.
Description
Use the ipsec sa global-duration command to configure the global SA lifetime.
Use the undo ipsec sa global-duration command to restore the default.
By default, the time-based global SA lifetime is 3600 seconds, and the traffic-based global SA lifetime
is 1843200 kilobytes.
When negotiating to set up an SA, IKE prefers the lifetime of the IPsec policy or IPsec profile that it uses.
If the IPsec policy is not configured with its own lifetime, IKE uses the global SA lifetime.
During the negotiation, IKE uses the shorter of the local lifetime and the lifetime proposed by the
remote peer.
The SA lifetime applies only to IKE-negotiated SAs; it has no effect on manually configured SAs.
Related commands: sa duration and display ipsec sa duration.
Examples
# Set the time-based global SA lifetime to 7200 seconds (2 hours).
<Sysname> system-view
[Sysname] ipsec sa global-duration time-based 7200
# Set the traffic-based global SA lifetime to 10240 kilobytes (10 Mbytes).
[Sysname] ipsec sa global-duration traffic-based 10240
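The following Python sketch is an added example, not part of the HP command reference: it replays ipsec sa global-duration lines from a saved configuration, checks them against the ranges given under Parameters, and resolves the lifetime an SA ends up with under the precedence rules in the Description. The function names, the policy_value and peer_value parameters, and the sample session are assumptions made for illustration.

```python
import re

# Ranges and defaults as stated in the command reference above.
RANGES = {"time-based": (180, 604800), "traffic-based": (2560, 4294967295)}
DEFAULTS = {"time-based": 3600, "traffic-based": 1843200}
CMD = re.compile(r"^(undo\s+)?ipsec\s+sa\s+global-duration\s+"
                 r"(time-based|traffic-based)(?:\s+(\d+))?$")

# Constructed sample session, modelled on the Examples section.
SAMPLE = """<Sysname> system-view
[Sysname] ipsec sa global-duration time-based 7200
[Sysname] ipsec sa global-duration traffic-based 10240
"""

def global_lifetimes(config_text):
    """Replay config lines in order; return the global SA lifetimes in effect."""
    current = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop "[Sysname] " prompt
        m = CMD.match(line)
        if not m:
            continue
        undo, kind, value = m.groups()
        if undo:
            current[kind] = DEFAULTS[kind]      # undo restores the default
            continue
        if value is None:
            raise ValueError(f"missing value: {raw!r}")
        lo, hi = RANGES[kind]
        if not lo <= int(value) <= hi:
            raise ValueError(f"{kind} value {value} outside {lo}-{hi}")
        current[kind] = int(value)
    return current

def effective_lifetime(global_value, policy_value=None, peer_value=None,
                       ike_negotiated=True):
    """Lifetime an SA ends up with, following the precedence rules above."""
    if not ike_negotiated:
        return None                  # manual SAs: lifetime is not applied
    # The policy/profile lifetime wins over the global one when configured.
    local = policy_value if policy_value is not None else global_value
    # IKE then takes the shorter of the local and the peer-proposed lifetime.
    return local if peer_value is None else min(local, peer_value)

if __name__ == "__main__":
    g = global_lifetimes(SAMPLE)
    print(g, effective_lifetime(g["time-based"], peer_value=3600))
```

A value of None from effective_lifetime means the SA is manually configured and the lifetime is not applied to it.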