Cisco Cisco Packet Data Gateway (PDG)
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
rekey ▀
Command Line Interface Reference, StarOS Release 16 ▄
2947
rekey
Configures IPSec Child Security Association rekeying.
Product
All Security Gateway products
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template IKEv2-
Dynamic Payload Configuration
Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload
payload_name match childsa
payload_name match childsa
match
{ any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax
[ no ] rekey [ keepalive ]
no
Disables this feature.
keepalive
If specified, a session will be rekeyed even if there has been no data exchanged since the last rekeying
operation. By default, rekeying is only performed if there has been data exchanged since the previous rekey.
operation. By default, rekeying is only performed if there has been data exchanged since the previous rekey.
Usage
Use this command to enable or disable the ability to rekey IPSec Child SAs after approximately 90% of the
Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No
rekeying means the PDIF will not originate rekeying operations and will not process CHILD SA rekeying
requests from the UE.
Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No
rekeying means the PDIF will not originate rekeying operations and will not process CHILD SA rekeying
requests from the UE.
Example
The following command disables rekeying:
no rekey