home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailSupported platforms

IPsec Site-to-Site VPN Commands

security vpn ipsec esp-group <name> lifetime <lifetime>

Specifies how long an ESP encryption key can stay in effect.

set security vpn ipsec esp-group name lifetime lifetime
delete security vpn ipsec esp-group name lifetime
show security vpn ipsec esp-group name lifetime

Keys stay in effect for 3,600 seconds (1 hour).

name
The name to be used to refer to the ESP configuration.
lifetime
The time, in seconds, that any key created during IKE Phase 2 negotiation can persist before the next negotiation is triggered. The numbers range from 30 through 86400 (that is, 24 hours). The default is 3600 (1 hour).

Configuration mode 

security {
        vpn {
            ipsec {
                esp-group name {
                    lifetime lifetime
            }
        }
    }
}
Use this command to specify the lifetime of a key.
Note: The lifetime of IKE security associations (SA) should be greater than the lifetime of ESP SA.

Use the set form of this command to specify the lifetime of a key.

Use the delete form of this command to remove the lifetime configuration.

Use the show form of this command to view the lifetime configuration.

Last updated: December 22, 2021