Security-association – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
security-association
crypto-map auto-vpn-tunnel/remote-vpn-client instance
Defines the IPSec SA’s (created by this auto site-to-site VPN tunnel or remote VPN client) settings
Supported in the following platforms:
• Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point, Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade Mobility 1240 Access Point
• Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade Mobility RFS7000
• Service Platforms — Brocade Mobility RFS9510
Syntax:
security-association [inactivity-timeout|level|lifetime]
security-association [inactivity-timeout <120-86400>|level perhost]
security-association lifetime [kilobytes <500-2147483646>|seconds <120-86400>]
Parameters
security-association [inactivity-timeout <120-86400>|level perhost]

inactivity-timeout <120-86400>
Specifies an inactivity period, in seconds, for this IPSec VPN SA. Once the set value is exceeded, the association is timed out.
• <120-86400> – Specify a value from 120 - 86400 seconds. The default is 900 seconds.

level perhost
Specifies the granularity level for this IPSec VPN SA.
• perhost – Sets the IPSec VPN SA’s granularity to the host level

security-association lifetime [kilobytes <500-2147483646>|seconds <120-86400>]

lifetime [kilobytes <500-2147483646>|seconds <120-86400>]
Defines the IPSec SA’s lifetime (in kilobytes and/or seconds). Values can be entered in both kilobytes and seconds. Whichever limit is reached first ends the security association.
• kilobytes <500-2147483646> – Defines volume-based key duration. Specify a value from 500 - 2147483646 kilobytes. Select this option to define a connection volume lifetime (in kilobytes) for the duration of the IPSec VPN SA. Once the set volume is exceeded, the association is timed out.
• seconds <120-86400> – Defines time-based key duration. Specify the time frame from 120 - 86400 seconds. Select this option to define a lifetime (in seconds) for the duration of the IPSec VPN SA. Once the set value is exceeded, the association is timed out.

Example
Site-to-site tunnel:
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-association inactivity-timeout 200
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-association level perhost
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-association lifetime kilobytes 250000
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context
crypto map test 1 ipsec-isakmp
security-association level perhost
peer 1 ikev2 ikev2Peer1
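
The documented value ranges and the rule that whichever lifetime limit is reached first ends the SA can be checked offline against a saved crypto map context. The Python script below is an added example, not part of the Brocade manual; the sample configuration text, the function names audit and first_limit, and the sustained throughput figures in KB/s are assumptions made for illustration.

```python
import re

# Value ranges as documented above for the security-association command.
RANGES = {
    "inactivity-timeout": (120, 86400),
    "lifetime kilobytes": (500, 2147483646),
    "lifetime seconds": (120, 86400),
}
SA_LINE = re.compile(r"^\s*security-association\s+"
                     r"(inactivity-timeout|lifetime\s+kilobytes|lifetime\s+seconds|level)\s+(\S+)\s*$")

# Constructed sample of a crypto map context (not captured from a device).
SAMPLE = """\
crypto map test 1 ipsec-isakmp
 security-association inactivity-timeout 200
 security-association level perhost
 security-association lifetime kilobytes 250000
 security-association lifetime seconds 3600
 peer 1 ikev2 ikev2Peer1
"""

def audit(config_text):
    """Return (settings, problems) for the security-association lines found."""
    settings, problems = {}, []
    for line in config_text.splitlines():
        m = SA_LINE.match(line)
        if not m:
            continue  # not a security-association line
        key, value = " ".join(m.group(1).split()), m.group(2)
        if key == "level":
            settings[key] = value  # recorded as-is, not range checked
        elif value.isdecimal() and RANGES[key][0] <= int(value) <= RANGES[key][1]:
            settings[key] = int(value)
        else:
            problems.append(f"{key}: {value} outside {RANGES[key][0]}-{RANGES[key][1]}")
    return settings, problems

def first_limit(settings, kbytes_per_second):
    """Return (seconds_until_expiry, limit_name) for the limit reached first."""
    limits = []
    if "lifetime seconds" in settings:
        limits.append((float(settings["lifetime seconds"]), "seconds"))
    if "lifetime kilobytes" in settings and kbytes_per_second > 0:
        limits.append((settings["lifetime kilobytes"] / kbytes_per_second, "kilobytes"))
    return min(limits) if limits else None

if __name__ == "__main__":
    settings, problems = audit(SAMPLE)
    print(settings, problems)
    for rate in (10, 100):  # assumed sustained tunnel throughput in KB/s
        print(rate, first_limit(settings, rate))
```

With the constructed sample, the 250000-kilobyte limit ends the SA first at 100 KB/s, while at 10 KB/s the 3600-second limit is reached first.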