1. Administrative Security Guide
  2. Configuring IKEv2 Interfaces
  3. IPSec SA Rekey on Sequence Number Overflow
  4. IPSec SA Rekey on Sequence Number Overflow Configuration

IPSec SA Rekey on Sequence Number Overflow Configuration

  1. Access the ipsec-global-config configuration element. 
    ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# ipsec
ORACLE(ipsec)# ipsec-global-config
ORACLE(ipsec-global-config)#
  2. Select the ipsec-global-config object to edit. 
    ORACLE(ipsec-global-config)# select
ORACLE( ipsec-global-config)#
  3. rekey-on-sn-overflow — Identifies whether to enable IPSec rekey on sequence number (SN) or extended sequence number (ESN) overflow. Rekey initiation is independent of the value of the parameter v2-rekey in the ike-interface configuration element. Allowable values are enabled and disabled. The default is enabled.
  4. sn-rekey-threshold — Identifies the threshold for triggering an IPSec security association (SA) rekey on SN or ESN overflow as a percentage of the SN (32-bit) or ESN (64-bit) number space. The allowable range is 80 to 100 and the default is 95.
  5. Type done to save your configuration.