crypto ipsec security-association lifetime




crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

no crypto ipsec security-association lifetime {seconds | kilobytes}

Syntax Description:

seconds seconds        Specifies the number of seconds a security association will live before expiring. The default is 3600 seconds (one hour).
kilobytes kilobytes    Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers using a given security association before that security association expires. The default is 4,608,000 kilobytes.

Command Description:

To change global lifetime values used when negotiating IPSec security associations, use the crypto ipsec security-association lifetime global configuration command. To reset a lifetime to the default value, use the no form of this command.


The following example shortens both lifetimes, because the administrator feels there is a higher risk that the keys could be compromised. The timed lifetime is shortened to 2,700 seconds (45 minutes), and the traffic-volume lifetime is shortened to 2,304,000 kilobytes (10 megabytes per second for one half hour):

Router(config)#crypto ipsec security-association lifetime seconds 2700
Router(config)#crypto ipsec security-association lifetime kilobytes 2304000
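
An added example, not part of the original command reference: a Python check that reads configuration text, works out the effective global lifetimes (falling back to the defaults above when a value is unset or reset with the no form), flags values above a policy ceiling, and reports which limit a steadily loaded security association reaches first. The function names, the sample configuration, the traffic rate and the policy ceilings are assumptions; the last function also relies on IOS expiring a security association at whichever lifetime is reached first.

```python
import re

# Defaults stated in the syntax description above.
DEFAULTS = {"seconds": 3600, "kilobytes": 4608000}

LIFETIME_RE = re.compile(
    r"^\s*(no\s+)?crypto ipsec security-association lifetime\s+"
    r"(seconds|kilobytes)(?:\s+(\d+))?\s*$"
)

# Constructed sample input, matching the values in the example above.
SAMPLE_CONFIG = """\
hostname Router
crypto ipsec security-association lifetime seconds 2700
crypto ipsec security-association lifetime kilobytes 2304000
"""

def effective_lifetimes(config_text):
    """Apply lifetime commands in order; later lines override earlier ones."""
    lifetimes = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LIFETIME_RE.match(line)
        if not m:
            continue
        negated, unit, value = m.groups()
        if negated:
            lifetimes[unit] = DEFAULTS[unit]  # "no" form resets to the default
        elif value is not None:
            lifetimes[unit] = int(value)
    return lifetimes

def audit(config_text, max_seconds, max_kilobytes):
    """Return findings for lifetimes above the caller's policy ceilings."""
    limits = {"seconds": max_seconds, "kilobytes": max_kilobytes}
    eff = effective_lifetimes(config_text)
    return [f"{unit} lifetime {eff[unit]} exceeds policy maximum {limits[unit]}"
            for unit in ("seconds", "kilobytes") if eff[unit] > limits[unit]]

def first_expiry(lifetimes, kilobytes_per_second):
    """Limit reached first at a steady traffic rate, and after how many seconds."""
    if kilobytes_per_second > 0:
        volume_secs = lifetimes["kilobytes"] / kilobytes_per_second
        if volume_secs < lifetimes["seconds"]:
            return ("kilobytes", volume_secs)
    return ("seconds", float(lifetimes["seconds"]))

if __name__ == "__main__":
    eff = effective_lifetimes(SAMPLE_CONFIG)
    print(eff, audit(SAMPLE_CONFIG, 3600, 4608000), first_expiry(eff, 1280))
```

An empty finding list from audit means both lifetimes are at or below the ceilings passed in; a configuration with no lifetime commands is judged against the defaults.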



