Enterasys Networks XSR CLI Benutzerhandbuch

Remote Peer ISAKMP Protocol Policy Mode Commands

XSR CLI Reference Guide 14-99

lifetime

This command specifies the lifetime of an IKE Security Association (SA) for a given IKE proposal
(policy).

Syntax

lifetime seconds

Syntax of the “no” Form

The no form of this command resets to the default value:

no lifetime

Default

28,800 seconds (8 hours)

Mode

ISAKMP protocol policy configuration:

XSR(config-isakmp)#

Example

The following example sets the IKE SA lifetime at 8 hours for ACMEproposal:

XSR(config)#crypto isakmp proposal ACMEproposal
XSR(config-isakmp)#lifetime 28800

Remote Peer ISAKMP Protocol Policy Mode Commands

crypto isakmp peer

This command configures the remote peer’s IP address and/or subnet and acquires ISAKMP
configuration mode. The following sub‐commands can be entered at ISAKMP Peer mode:

•

config-mode

sets the local IKE Mode configuration, the de facto standard to assign IP

addresses within IKE. Refer to

page 14‐100

for the command definition.

•

exchange-mode

sets IKE to main or aggressive exchange mode. Refer to

page 14‐101

for the

command definition.

•

nat-traversal

sets the IKE and IPSec NAT (Network Address Translation) traversal mode.

Refer to

page 14‐102

for the command definition.

•

proposal

attaches IKE policies to a remote peer. Refer to

page 14‐102

for the command

definition.

•

user-id

defines the identity information to be used during aggressive IKE Phase 1

negotiation. Refer to

page 14‐103

for the command definition.

seconds

The interval, in seconds, each SA exists before expiring.