crypto-auto-ipsec-tunnel commands

Configures the IKE SA‘s key lifetime in seconds

The lifetime defines how long a connection (encryption/authentication keys) should last, from successful key negotiation to expiration. Two peers need not exactly agree on the lifetime, though if they do not, there is some clutter for a superseded connection on the peer defining the lifetime as longer.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


ike-lifetime <600-86400>


ike-lifetime <600-86400>
ike-lifetime <600-86400> Sets the IKE SA‘s key lifetime in seconds
  • <600-86400> – Specify a value fro m 600 - 86400 seconds. The default is 8600 seconds.


rfs4000-229D58(config-profile-testRFS4000-crypto-auto-ipsec-secure)#ike-lifetime 800

rfs4000-229D58(config-profile-testRFS4000-crypto-auto-ipsec-secure)#show context crypto auto-ipsec-secure
  ike-lifetime 800