Cisco Cisco Packet Data Gateway (PDG)
rekey
Configures IPSec Child Security Association rekeying.
Product
All Security Gateway products
Privilege
Security Administrator
Command Modes
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template
IKEv2-Dynamic Payload Configuration
IKEv2-Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload payload_name
match childsa match { any | ipv4 | ipv6 }
match childsa match { any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[
context_name
]
host_name
(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax Description
[ no ] rekey [ keepalive ]
no
Disables this feature.
keepalive
If specified, a session will be rekeyed even if there has been no data exchanged since the last rekeying operation.
By default, rekeying is only performed if there has been data exchanged since the previous rekey.
By default, rekeying is only performed if there has been data exchanged since the previous rekey.
Usage Guidelines
Use this command to enable or disable the ability to rekey IPSec Child SAs after approximately 90% of the
Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No rekeying
means the PDIF will not originate rekeying operations and will not process CHILD SA rekeying requests
from the UE.
Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No rekeying
means the PDIF will not originate rekeying operations and will not process CHILD SA rekeying requests
from the UE.
Examples
The following command disables rekeying:
no rekey
no rekey
Command Line Interface Reference, Modes C - D, StarOS Release 19
1279
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
rekey