No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
WLAN AC V200R010C00 Command Reference
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
sa keep-holding-to hard-duration

sa keep-holding-to hard-duration

Function

The sa keep-holding-to hard-duration command configures the device to delete the original IPSec SA after the hard lifetime expires during IPSec SA re-negotiation.

The undo sa keep-holding-to hard-duration command configures the device to delete the original IPSec SA immediately after it uses the new IPSec SA to transmit data during IPSec SA re-negotiation.

By default, during IPSec SA re-negotiation, the device deletes the original IPSec SA immediately after using the new IPSec SA to transmit data.

Format

sa keep-holding-to hard-duration

undo sa keep-holding-to hard-duration

Parameters

None

Views

ISAKMP IPSec policy view, IPSec policy template view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a new IPSec SA is negotiated, if the peer device still uses the original IPSec SA to transmit data while the local device deletes the original IPSec SA immediately after using the new IPSec SA to transmit data, the IPSec SAs on the two devices will be different. This will cause IPSec traffic interruption. In this case, you are advised to run the sa keep-holding-to hard-duration command to enable the local device to delete the original IPSec SA after the hard lifetime expires.

Precautions

This command takes effect only for IPSec SAs established through IKEv1 negotiation.

Example

# Configure the device to delete the original IPSec SA after the hard lifetime expires during IPSec SA re-negotiation.

<AC6605> system-view
[AC6605] ipsec policy policy1 1 isakmp
[AC6605-ipsec-policy-isakmp-policy1-1] sa keep-holding-to hard-duration
Translation
简体中文
Download
Updated: 2021-02-27

Document ID: EDOC1100064351

Views: 3159085

Downloads: 589

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :