R21xx-HP FlexFabric 11900 Security Command Reference
227
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
seconds: Specifies the IPsec SA idle timeout, in the range of 60 to 86400 seconds.
Usage guidelines
This function applies only to IPsec SAs negotiated by IKE and takes effect when the ipsec sa idle-time
command has been configured.
The IPsec SA idle timeout configured in IPsec policy view or IPsec policy template view takes precedence
over the global IPsec SA timeout configured by the ipsec sa idle-time command.
Examples
# Set the IPsec SA idle timeout to 600 seconds for the IPsec policy.
<Sysname> system-view
[Sysname] ipsec policy map 100 isakmp
[Sysname-ipsec-policy-isakmp-map-100] sa idle-time 600
Related commands
• display ipsec sa
• ipsec sa idle-time
sa spi
Use sa spi to configure an SPI for IPsec SAs.
Use undo sa spi to remove the SPI.
Syntax
sa spi { inbound | outbound } { ah | esp } spi-number
undo sa spi { inbound | outbound } { ah | esp }
Default
No SPI is configured for IPsec SAs.
Views
IPsec policy view, IPsec profile view
Predefined user roles
network-admin
Parameters
inbound: Specifies an SPI for inbound SAs.
outbound: Specifies an SPI for outbound SAs.
ah: Uses AH.
esp: Uses ESP.
spi-number: Specifies a Security parameters index (SPI), in the range of 256 to 4294967295.