security ipsec rekey—Modify the IPsec rekeying timer (on vEdge routers only).
vManage Feature Template
For vEdge routers only:
Configuration ► Templates ► Security
- Rekeying Time
How often a vEdge router changes the AES key used on its secure IPsec connection to other vEdge routers. If OMP graceful restart is enabled, the rekeying time must be at least twice the value of the OMP graceful restart timer. This value is equivalent to the security association (SA) lifetime.
Range: 10 through 1209600 seconds (14 days)
Default: 86400 seconds (24 hours)
Change the IPsec rekeying time to 1 week:
security ipsec rekey 604800
Command introduced in Viptela Software Release 14.1.
In Release 15.3.5, rekeying time default changed from 7200 seconds (2 hours) and maximum time increased from 2 days to 7 days.