Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Remote Peer ISAKMP Protocol Policy Mode Commands

XSR CLI Reference Guide 14-99

lifetime

ThiscommandspecifiesthelifetimeofanIKESecurityAssociation(SA)foragivenIKEproposal

(policy).

Syntax

lifetime seconds

Syntax of the “no” Form

Thenoformofthiscommandresetstothedefaultvalue:

no lifetime

Default

28,800seconds(8hours)

Mode

ISAKMPprotocolpolicyconfiguration:XSR(config-isakmp)#

Example

ThefollowingexamplesetstheIKESAlifetimeat8hoursforACMEproposal:

XSR(config)#crypto isakmp proposal ACMEproposal

XSR(config-isakmp)#lifetime 28800

Remote Peer ISAKMP Protocol Policy Mode Commands

crypto isakmp peer

Thiscommandconfigurestheremotepeer’sIPaddressand/orsubnetandacquiresISAKMP

configurationmode.Thefollowingsub‐commandscanbeenteredatISAKMPPeermode:

•

config-mode setsthelocalIKEModeconfiguration,thedefactostandardtoassignIP

addresseswithinIKE.Refertopage14‐100forthecommanddefinition.

•

exchange-mode setsIKEtomainoraggressiveexchangemode.Refertopage14‐101forthe

commanddefinition.

•

nat-traversal setstheIKEandIPSecNAT(NetworkAddressTranslation)traversalmode.

Refertopage14‐102forthecommanddefinition.

•

proposal attachesIKEpoliciestoaremotepeer.Refertopage14‐102forthecommand

definition.

•

user-iddefinestheidentityinformation tobeusedduringaggressiveIKEPhase1

negotiation.Refertopage14‐103forthecommanddefinition.

seconds

Theinterval,inseconds,eachSAexistsbeforeexpiring.

previous next