 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
When a dynamic IPSec SA is created, two types of lifetimes are used: hard and soft. The hard lifetime specifies the lifetime of the SA. The soft lifetime, which is derived from the hard lifetime, informs the IPSec key management system that the SA is about to expire. This allows the key management system to negotiate a new SA before the hard lifetime expires.
To configure the hard lifetime value, include the lifetime-seconds statement and specify the number of seconds at the [edit services ipsec-vpn ipsec proposal proposal-name] hierarchy level:
-
lifetime-seconds seconds;
The default lifetime is 28,800 seconds. The range is from 180 through 86,400 seconds.
The soft lifetime values are as follows:
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |