261
CONFIG Commands
Internet Key Exchange (IKE) Settings
The following four IPsec parameters configure the rekeying event.
set security ipsec tunnels name "123" IKE-mode
ipsec-soft-mbytes (1000) {1-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-soft-seconds (82800) {60-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-hard-mbytes (1200) {1-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-hard-seconds (86400) {60-1000000}
•
The
soft
parameters designate when the system
begins
to negotiate a new key. For
example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever
comes first) the key will begin to be renegotiated.
•
The
hard
parameters indicate that the renegotiation
must
be complete
or the tunnel will
be disabled. For example, 86400 seconds (24 hours) means that the renegotiation
must be complete within one day.
Both ends of the tunnel set parameters, and typically they will be the same. If they are not
the same, the rekey event will happen when the longest time period expires or when the
largest amount of data has been sent.