home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailSupported platforms

IPsec Site-to-Site VPN Commands

security vpn ipsec ike-group <name> lifetime <lifetime>

Specifies how long an IKE group key can stay in effect.

set security vpn ipsec ike-group name lifetime lifetime
delete security vpn ipsec ike-group name lifetime
show security vpn ipsec ike-group name lifetime

An IKE key stays in effect for 8 hours.

name
The name to be used to refer to this IKE configuration.
lifetime
The time, in seconds, that any key created during IKE Phase 1 negotiation can persist before the next negotiation is triggered. The numbers range from 30 through 86400 (that is, 24 hours). The default is 28800 (8 hours).

Configuration mode 

security {
        vpn {
            ipsec {
                ike-group name {
                    lifetime lifetime
            }
        }
    }
}
Use this command to specify the lifetime of an IKE key.
Note: The lifetime of IKE security associations (SA) should be greater than the lifetime of ESP SA.

Use the set form of this command to specify key lifetime.

Use the delete form of this command to restore the default key lifetime.

Use the show form of this command to view key lifetime configuration.

Last updated: December 22, 2021