R21xx-HP FlexFabric 11900 Security Command Reference
260
Connection-ID Remote Flag DOI
----------------------------------------------------------
1 202.38.0.2 RD|ST IPSEC
2 202.38.0.3 RD|ST IPSEC
Flags:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT
# Delete the IKE SA with the connection ID 2.
<Sysname> reset ike sa 2
# Display the current IKE SAs.
<Sysname> display ike sa
Total IKE SAs: 1
Connection-ID Remote Flag DOI
----------------------------------------------------------
1 202.38.0.2 RD|ST IPSEC
Flags:
RD--READY ST--STAYALIVE RL--REPLACED FD—FADING TO—TIMEOUT
sa duration
Use sa duration to set the IKE SA lifetime for an IKE proposal.
Use undo sa duration to restore the default.
Syntax
sa duration seconds
undo sa duration
Default
The IKE SA lifetime is 86400 seconds.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
Seconds: Specifies the IKE SA lifetime in seconds, in the range of 60 to 604800.
Usage guidelines
If the communicating peers are configured with different IKE SA lifetime settings, the smaller one takes
effect.
Before an IKE SA expires, IKE negotiates a new SA. The new SA takes effect immediately after it is
negotiated. The old IKE SA will be cleared when it expires.
Examples
# Set the IKE SA lifetime to 600 seconds for IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1