The sa soft-duration time-based buffer command sets the soft timeout buffer time for an IKE SA.
The undo sa soft-duration time-based buffer command cancels the configuration.
By default, the soft timeout buffer time is not configured for an IKE SA.
| Parameter | Description | Value |
|---|---|---|
| seconds | Specifies the soft timeout buffer time for an IKE SA. | The value is an integer that ranges from 10 to 36000, in seconds. |
Usage Scenario
Before the IKE SA hard lifetime (hard timeout period) expires, a new IKE SA is negotiated to replace the original IKE SA. The time from the establishment of the original IKE SA till the negotiation of the new IKE SA is the soft lifetime (soft timeout period). The administrator can set the soft timeout buffer time to adjust the IKE SA re-negotiation time.
After the soft timeout buffer time is specified, if the hard lifetime is greater than the soft timeout buffer time by more than 10s, the system uses the soft timeout buffer time subtracted from the hard timeout as the soft lifetime; otherwise, the default soft lifetime is used.
Precautions
During IKEv1 negotiation, the responder cannot initiate IKE SA renegotiation after the IKE SA soft lifetime expires.
During IKEv2 negotiation, the responder runs the ike negotiate compatible command in the IKE peer view. After the IKE SA soft lifetime expires, the responder cannot initiate IKE SA renegotiation.