R0106-HP MSR Router Series Security Command Reference(V7)
338
Predefined user roles
network-admin
Parameters
tag-value: Sets a tag value. The value range is 1 to 4294967295.
Usage guidelines
When you change this tag value in an IPsec policy, the device deletes all IPsec SAs created by this IPsec
policy, and all associated static routes.
Examples
# Set the tag value to 50 for the static routes created by IPsec RRI.
<Sysname>system-view
[Sysname] ipsec policy 1 1 isakmp
[Sysname-ipsec-policy-isakmp-1-1] reverse-route tag 50
Related commands
• ipsec policy
• ipsec policy-template
sa duration
Use sa duration to set an SA lifetime for an IPsec policy or IPsec policy template.
Use undo sa duration to remove the SA lifetime.
Syntax
sa duration { time-based seconds | traffic-based kilobytes }
undo sa duration { time-based | traffic-based }
Default
The SA lifetime of an IPsec policy or an IPsec policy template is the current global SA lifetime.
Views
IPsec policy view, IPsec policy template view
Predefined user roles
network-admin
Parameters
time-based seconds: Specifies the time-based SA lifetime in the range of 180 to 604800 seconds.
traffic-based kilobytes: Specifies the traffic-based SA lifetime in the range of 2560 to 4294967295
kilobytes.
Usage guidelines
IKE prefers the SA lifetime of the IPsec policy over the global SA lifetime. If the IPsec policy is not
configured with the SA lifetime, IKE uses the global SA lifetime configured by the ipsec sa
global-duration command for SA negotiation.
During SA negotiation, IKE selects the shorter SA lifetime between the local SA lifetime and the remote
SA lifetime.