beautypg.com

Security-association – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 629

background image

616

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

7

security-association

crypto-map auto-vpn-tunnel/remote-vpn-client instance

Defines the IPSec SA’s (created by this auto site-to-site VPN tunnel or remote VPN client) settings

Supported in the following platforms:

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

Service Platforms — Brocade Mobility RFS9510

Syntax:

security-association [inactivity-timeout|level|lifetime]

security-association [inactivity-timeout <120-86400>|level prehost]

security-association lifetime [kilobytes <500-2147483646>|seconds <120-86400>]

Parameters

security-association [inactivity-timeout <120-86400>|level prehost]

security-association lifetime [kilobytes <500-2147483646>|seconds <120-86400>]

Example

Site-to-site tunnel:

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-ass

ociation inactivity-timeout 200

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-ass

ociation level perhost

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#security-ass

ociation lifetime kilobytes 250000

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context

crypto map test 1 ipsec-isakmp

security-association level perhost

peer 1 ikev2 ikev2Peer1

inactivity-timeout
<120-86400>

Specifies an inactivity period, in seconds, for this IPSec VPN SA. Once the set value is exceeded, the
association is timed out.

<120-86400> – Specify a value from 120 - 86400 seconds. The default is 900 seconds.

level prehost

Specifies the granularity level for this IPSec VPN SA

prehost – Sets the IPSec VPN SA’s granularity to the host level

lifetime
[kilobytes
<500-2147483646>|
seconds <120-86400>]

Defines the IPSec SA’s lifetime (in kilobytes and/or seconds). Values can be entered in both kilobytes and
seconds. Which ever limit is reached first, ends the security association.

kilobytes <500-2147483646> – Defines volume based key duration. Specify a value from
500 - 2147483646 kilobytes. Select this option to define a connection volume lifetime (in kilobytes)
for the duration of the IPSec VPN SA. Once the set volume is exceeded, the association is timed out.

seconds <120-86400> – Defines time based key duration. Specify the time frame from
120 - 86400 seconds. Select this option to define a lifetime (in seconds) for the duration of the IPSec
VPN SA. Once the set value is exceeded, the association is timed out.

See also other documents in the category Brocade Computer Accessories: