crypto-ikev1/ikev2-policy commands

Specifies how long an IKE SA (encryption/authentication keys) is valid. The value specified is the validity period of the IKE SA from successful key negotiation to expiration.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


lifetime <600-86400>


lifetime <600-86400>
lifetime <600-86400> Specifies how many seconds an IKE SA lasts before it expires. Set a time stamp from 600 - 86400 seconds.
  • <600-86400> – Specify a value from 600 - 86400 seconds. The default is 86400 seconds.


nx9500-6C8809(config-profile-default-rfs4000-ikev1-policy-ikev1-testpolicy)#lifetime 655

nx9500-6C8809(config-profile-default-rfs4000-ikev1-policy-ikev1-testpolicy)#show context
 crypto ikev1 policy testpolicy
  dpd-keepalive 11
  dpd-retries 10
  lifetime 655
  isakmp-proposal default encryption aes-256 group 2 hash sha
  isakmp-proposal testpraposal encryption aes group 2 hash sha