Just like the IKE tunnel, the IPSec tunnel is valid for a particular time period called a lifetime . You can configure the IPSec lifetime for a specific period of time in seconds, but you can also configure the number of kilobytes (KB) for which the tunnel remains up. The command syntax to configure the IPSec SA lifetime is crypto ipsec security-association lifetime {seconds seconds kilobytes kilobytes } The default IPSec SA lifetime is 3,600 sec (one hour ) and 4,608,000KB (10 Mbps). When it reaches either of those maximum values, the IPSec tunnel expires .
If you want to change the default values to, for example, 1,800 sec and 2,304,000KB, the commands would be as shown in Figure 9.8 Figure 9.8. IPSec SA lifetime.
|