Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

rekey

security ipsec rekey—Modify the IPsec rekeying timer (on vEdge routers only).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► Security

Command Hierarchy

security
  ipsec    
    rekey seconds

Options

Rekeying Time
seconds
How often a vEdge router changes the AES key used on its secure IPsec connection to other vEdge routers. If OMP graceful restart is enabled, the rekeying time must be at least twice the value of the OMP graceful restart timer. This value is equivalent to the security association (SA) lifetime.
Range: 10 through 1209600 seconds (14 days)
Default: 86400 seconds (24 hours)

Example

Change the IPsec rekeying time to 1 week:

security
  ipsec
    rekey 604800

Release Information

Command introduced in Viptela Software Release 14.1.​
In Release 15.3.5, rekeying time default changed from 7200 seconds (2 hours) and maximum time increased from 2 days to 7 days.

Additional Information

See the Configuring Security Parameters article for your software release.
graceful-restart
request security ipsec-rekey
show bfd sessions
timers

  • Was this article helpful?