3com MSR 20-20 참조 매뉴얼
2146
C
HAPTER
140: IPS
EC
C
ONFIGURATION
C
OMMANDS
Use the undo sa duration command to restore the default.
By default, the time-based global SA lifetime is 3,600 seconds, and traffic-based
SA lifetime is 1,843,200 kilobytes.
SA lifetime is 1,843,200 kilobytes.
Note that:
■
When negotiating to set up an SA, IKE prefers the lifetime of the IPSec policy
that it uses. If the IPSec policy is not configured with its lifetime, IKE uses the
global SA lifetime.
that it uses. If the IPSec policy is not configured with its lifetime, IKE uses the
global SA lifetime.
■
When negotiating to set up an SA, IKE prefers the shorter one of the local
lifetime and that proposed by the remote.
lifetime and that proposed by the remote.
■
The SA lifetime applies to only IKE negotiated SAs; it takes no effect on
manually configured SAs.
manually configured SAs.
Related command:
Example
# Set the SA lifetime for the IPSec policy to 2 hours, that is, 7,200 seconds.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration time-based 7200
# Set the SA lifetime for the IPSec policy to 20 Mbytes, that is, 20,480 kilobytes.
<Sysname> system-view
[Sysname] ipsec policy policy1 100 isakmp
[Sysname-ipsec-policy-isakmp-policy1-100] sa duration traffic-based 20480
sa encryption-hex
Syntax
sa encryption-hex { inbound | outbound } esp hex-key
undo sa encryption-hex { inbound | outbound } esp
View
IPSec policy view
Parameter
inbound: Specifies the inbound SA through which IPSec processes the received
packets.
packets.
outbound: Specifies the outbound SA through which IPSec process the sent
packets.
packets.
esp: Uses ESP.
hex-key: Encryption key for the SA, in hexadecimal format. The length of the key is
8 bytes for DES and 24 bytes for 3DES.
8 bytes for DES and 24 bytes for 3DES.
Description
Use the sa encryption-hex command to configure an encryption key for an SA.
Use the undo sa encryption-hex command to remove the configuration.