Chapter 4 Configuring the VSA
Configuration Tasks
To change a global lifetime for IPSec security associations, use one or more of the following commands:
Note The clear commands in Step 5 below are in EXEC or enable mode (see “Using the EXEC Command Interpreter” section on page
Step | Command | Purpose |
|
|
|
Step 1 | Router# enable | Enables privileged EXEC mode. Enter your password if |
|
| prompted. |
|
|
|
Step 2 | Router# configure terminal | Enters global configuration mode. |
|
|
|
Step 3 | Router(config)# crypto ipsec | Changes global lifetime values used when negotiating |
| IPSec security associations (SAs). To reset a lifetime to | |
|
| the default value, use the no form of this command. |
|
| Specifies the number of seconds a security association |
|
| will live before expiring. The default is 3600 seconds (one |
|
| hour). |
|
|
|
Step 4 | Router(config)# crypto ipsec | Changes the global |
| SAs. | |
| kilobytes | Specifies the volume of traffic (in kilobytes) that can pass |
|
| |
|
| between IPSec peers using a given security association |
|
| before that security association expires. The default is |
|
| 4,608,000 kilobytes. |
|
|
|
Step 5 | Router# clear crypto sa | (Optional) Clears existing security associations. This |
| or | causes any existing security associations to expire |
| immediately; future security associations will use the new | |
|
| |
| Router# clear crypto sa peer | lifetimes. Otherwise, any existing security associations |
| will expire according to the previously configured | |
| or | lifetimes. |
| Note Using the clear crypto sa command without | |
| Router# clear crypto sa map | |
| parameters will clear out the full SA database, | |
|
| |
| or | which will clear out active security sessions. You |
| may also specify the peer, map, or spi keywords | |
| Router# clear crypto sa spi | |
| to clear out only a subset of the SA database. For | |
| protocol spi | |
| more information, see the clear crypto sa | |
|
| |
|
| command. |
|
|
|
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
|
| ||
|
|