3com 3031 Instruccion De Instalación
858
C
HAPTER
61: IKE C
ONFIGURATION
Perform the following in the IKE Proposal View.
By default, 768-bit Diffie-Hellman group (
group1
) is selected.
Configuring lifetime of ISAKMP SA (optional)
This configuration is used to specify the lifetime of ISAKMP SA used by an IKE
proposal.
proposal.
Perform the following in the IKE Proposal View.
If
sa duration
expires, the ISAKMP SA will automatically update. The SA lifetime
can be set as one number between 60 and 604800 seconds. Because the IKE
negotiation needs to perform DH algorithm, which will take a longer period of
time. For the purpose that the update of ISAKMP SA does not affect the security
communication, it is recommended to set the
negotiation needs to perform DH algorithm, which will take a longer period of
time. For the purpose that the update of ISAKMP SA does not affect the security
communication, it is recommended to set the
sa duration
greater than 10
minutes.
The SA will negotiate another one to replace the old SA before the set SA duration
is exceeded. It is called soft timeout. The starting time of the soft timeout is 90%
of the SA duration timeout. The old SA will be cleared automatically when the SA
duration is exceeded, which can be called hard timeout.
is exceeded. It is called soft timeout. The starting time of the soft timeout is 90%
of the SA duration timeout. The old SA will be cleared automatically when the SA
duration is exceeded, which can be called hard timeout.
By default, the ISAKMP SA duration is 86400 seconds (a day).
Table 930 Selecting Diffe-Hellman group ID
Operation
Command
Select Diffie-Hellman group ID
dh { group1 | group2 }
Restore the default value of Diffie-Hellman group ID
undo dh
Table 931 Setting sa duration of IKE SA
Operation
Command
Configure lifetime of IKE SA
sa duration seconds
Restore the default lifetime
undo sa duration