Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

request ipsec ike-rekey

request ipsec ike-rekey—Force the generation of new keys for an IKE session (on vEdge routers only).

Command Syntax

request ipsec ike-rekey vpn vpn-id interface ipsecnumber

Options

Interface Name
ipsecnumber
Name of the IPsec interface on which to force the generation of new keys for an IKE session.
VPN
vpn vpn-id
VPN in which the IPsec interface is located.

Output Fields

None

Example Output

Generate a new key for an IKE session. After the new key is generated, the SPI for the session changes and the uptime for the sessions resets to zero. You cannot directly display the old and new keys.

vEdge# show ipsec ike sessions

     IF                           SOURCE              DEST                                                                                                
VPN  NAME    VERSION  SOURCE IP   PORT    DEST IP     PORT  INITIATOR SPI     RESPONDER SPI     CIPHER SUITE     DH GROUP        STATE        UPTIME      
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    ipsec1  2        10.1.16.16  4500    10.1.15.15  4500  d58a40949a1e6ef8  5906334ba438d48c  aes256-cbc-sha1  16 (MODP-4096)  ESTABLISHED  0:00:02:08  

vEdge# request ipsec ipsec-rekey vpn 1 interface ipsec1
vEdge# show ipsec ike sessions

     IF                           SOURCE              DEST                                                                                                
VPN  NAME    VERSION  SOURCE IP   PORT    DEST IP     PORT  INITIATOR SPI     RESPONDER SPI     CIPHER SUITE     DH GROUP        STATE        UPTIME      
----------------------------------------------------------------------------------------------------------------------------------------------------------
1    ipsec1  2        10.1.16.16  4500    10.1.15.15  4500  ecdc1457fbd38824  1ee5fd9f7a645c44  aes256-cbc-sha1  16 (MODP-4096)  ESTABLISHED  0:00:00:18  

Release Information

Command introduced in Viptela Software Release 17.2.

  • Was this article helpful?