для Cisco Cisco Packet Data Gateway (PDG)
Default: ipv4-address-subnet
ipv4-address: Use IPV4_ADDR as the Phase 2 payload identifier.
ipv4-address-subnet: Use IPV4_ADDR_SUBNET as the Phase 2 payload identifier.
security-association lifetime { keepalive | kilo-bytes kbytes | seconds secs }
Defaults:
• keepalive: Disabled
• kilo-bytes: 4608000 kbytes
• seconds: 28800 seconds
This keyword specifies the parameters that determine the length of time an IKE Security Association (SA) is
active when no data is passing through a tunnel. When the lifetime expires, the tunnel is torn down. Whichever
parameter is reached first expires the SA lifetime.
active when no data is passing through a tunnel. When the lifetime expires, the tunnel is torn down. Whichever
parameter is reached first expires the SA lifetime.
• keepalive: The SA lifetime expires only when a keepalive message is not responded to by the far end.
• kilo-bytes: This specifies the amount of data in kilobytes to allow through the tunnel before the SA
lifetime expires; entered as an integer from 2560 through 4294967294.
• seconds: The number of seconds to wait before the SA lifetime expires; entered as an integer from 1200
through 86400.
If the dynamic crypto map is being used in conjunction with Mobile IP and the Mobile IP renewal timer
is less than the crypto map's SA lifetime (either in terms of kilobytes or seconds), then the keepalive
parameter must be configured.
is less than the crypto map's SA lifetime (either in terms of kilobytes or seconds), then the keepalive
parameter must be configured.
Important
transform-set transform_name [ transform-set transform_name2 ... transform-set transform_name6 ]
Specifies the name of a transform set configured in the same context that will be associated with the crypto
map. Refer to the command crypto ipsec transform-set for information on creating transform sets.
map. Refer to the command crypto ipsec transform-set for information on creating transform sets.
You can repeat this keyword up to 6 times on the command line to specify multiple transform sets.
trasnform_name is the name of the transform set entered as an alphanumeric string from 1 through 127
characters that is case sensitive.
characters that is case sensitive.
Usage Guidelines
Use this command to set parameters for a dynamic crypto map.
Examples
The following command sets the PFS group to Group1:
set pfs group1
set pfs group1
The following command sets the SA lifetime to 50000 KB:
set security-association lifetime kilo-bytes 50000
set security-association lifetime kilo-bytes 50000
The following command sets the SA lifetime to 10000 seconds:
set security-association lifetime seconds 10000
set security-association lifetime seconds 10000
Command Line Interface Reference, Modes C - D, StarOS Release 19
1102
Crypto Map IPSec Dynamic Configuration Mode Commands
set