CCSP SECUR Exam Cram 2 (642-501)

Just like the IKE tunnel, the IPSec tunnel is valid for a particular time period called a lifetime. You can configure the IPSec lifetime as a period of time in seconds, and you can also configure the number of kilobytes (KB) of traffic for which the tunnel remains up. The command syntax to configure the IPSec SA lifetime is

crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

The default IPSec SA lifetime is 3,600 sec (one hour) and 4,608,000KB (the volume carried at 10 Mbps for one hour). When the SA reaches either of those maximum values, the IPSec tunnel expires.

Before the IPSec tunnel is torn down, a new tunnel is renegotiated, so there is no interruption in the flow of data traffic.

If you want to change the default values to, for example, 1,800 sec and 2,304,000KB, the commands would be as shown in Figure 9.8.

Figure 9.8. IPSec SA lifetime.
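
The values from the text entered on a Cisco IOS router, as an added example that is not the book's figure. The verification and `clear crypto sa` steps go beyond what the text describes and are included because a changed lifetime applies only to SAs negotiated afterward.

```cisco
! Added example, not the book's Figure 9.8.
! Enter global configuration mode and set both limits.
configure terminal
 crypto ipsec security-association lifetime seconds 1800
 crypto ipsec security-association lifetime kilobytes 2304000
end
!
! Confirm the global lifetime values now configured.
show crypto ipsec security-association lifetime
!
! Existing SAs keep the lifetime they were negotiated with until they
! expire. Clearing the SA database forces renegotiation with the new
! values; it drops the current tunnels, so plan it for a quiet period.
clear crypto sa
```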
