3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
424 CHAPTER 23: IKE CONFIGURATION COMMANDS
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD--FADING
<SecBlade_VPN> reset ike sa 2
<SecBlade_VPN> display ike sa
conn-id remote flag phase doi
2 202.38.0.2 RD|ST 2 IPSEC
flag meaning:
RD--READY ST--STAYALIVE RT--REPLACED FD-FADING
c
CAUTION: If the SA of phase 1 is deleted first, the remote end cannot be
informed of clearing the SA database when deleting the SA of phase 2.
sa duration Syntax
sa duration seconds
undo sa duration
View
IKE proposal view
Parameter
seconds: Specifies the ISAKMP Sa duration. When the sa duration expires, ISAKMP
SA will update automatically. It can be set to a value in the range 60 to 604800
seconds.
Description
Use the sa duration command to specify the ISAKMP Sa duration for an IKE
proposal.
Use the undo sa duration command to restore it to the default.
By default, the value of ISAKMP Sa duration is 86400 seconds (one day).
Before the sa duration for a SA expires, a new SA will be negotiated for replacing
the existing SA, and the old SA will be automatically cleared when the Sa duration
expires.
Related command: ike proposal and display ike proposal.
Example
# Specify the ISAKMP Sa duration for IKE proposal 10 as 600 seconds (10
minutes).
[SecBlade_VPN] ike proposal 10
[SecBlade_VPN-ike-proposal-10] sa duration 600