Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security vpn ipsec esp-group <name> lifetime <lifetime>

Specifies how long an ESP encryption key can stay in effect.

set security vpn ipsec esp-group name lifetime lifetime
delete security vpn ipsec esp-group name lifetime
show security vpn ipsec esp-group name lifetime

Keys stay in effect for 3,600 seconds (1 hour).

name
The name to be used to refer to the ESP configuration.
lifetime
The time, in seconds, that any key created during IKE Phase 2 negotiation can persist before the next negotiation is triggered. The numbers range from 30 through 86400 (that is, 24 hours). The default is 3600 (1 hour).

Configuration mode

security {
        vpn {
            ipsec {
                esp-group name {
                    lifetime lifetime
            }
        }
    }
}
Use this command to specify the lifetime of a key.
Note: The lifetime of IKE security associations (SA) should be greater than the lifetime of ESP SA.

Use the set form of this command to specify the lifetime of a key.

Use the delete form of this command to remove the lifetime configuration.

Use the show form of this command to view the lifetime configuration.