Section 35.3.28, Section 35.3.29 – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Use ”no ike-lifetime” to return to the default setting.

Use ”show ike-lifetime” to show the configured IKE (phase 1) security
association lifetime setting (in seconds).

Default values 3600 seconds (1h)

35.3.28

Configure SA (ESP) Lifetime

Syntax [no] sa-lifetime <SECONDS[s] | MINUTESm | HOURSh | DAYSd>

Context

IPsec Configuration

context

Usage Set the ESP (phase 2) security association lifetime. When this time has

passed, a new phase 2 negotiation will be initiated. The remote peer may
use a different value. In that case, the peer with the lowest timeout will
initiate the renegotiation first.

Use ”no sa-lifetime” to return to the default setting.

Use ”show sa-lifetime” to show the configured ESP (phase 2) security
association lifetime setting (in seconds).

Default values 28800 seconds (8h)

35.3.29

Show IPsec Tunnel Status

Syntax show tunnel ipsec [ID]

Context

Admin Exec

context.

Usage Show the status for all or for a specific IPsec tunnel.

Default values If no tunnel ID is specified, the status of all tunnels is shown.

834

➞ 2015 Westermo Teleindustri AB