Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

request security ipsec-rekey

request security ipsec-rekey—Force IPsec to generate new keys (on vEdge routers only). Use this command when the IPsec keys have been compromised. After you issue this command, the old key continues to be used until it times out.

Command Syntax

request security ipsec-rekey

Options

None

Output Fields

The output fields are self-explanatory.

Example Output

In this example, the SPIs (keys) for TLOC 172.16.255.15 change from 256 and 257 to 257 and 258.

vEdge# show tunnel local-sa         
                                          SOURCE           SOURCE             
TLOC ADDRESS     TLOC COLOR       SPI     IP               PORT    KEY HASH   
------------------------------------------------------------------------------
172.16.255.15    lte              256     10.1.15.15       12346   *****b93a  
172.16.255.15    lte              257     10.1.15.15       12346   *****b93a  

vEdge# request security ipsec-rekey
 
vEdge# show tunnel local-sa

                                          SOURCE           SOURCE             
TLOC ADDRESS     TLOC COLOR       SPI     IP               PORT    KEY HASH   
------------------------------------------------------------------------------
172.16.255.15    lte              257     10.1.15.15       12346   *****b93a  
172.16.255.15    lte              258     10.1.15.15       12346   *****a19d 

Release Information

Command introduced in Viptela Software Release 14.2.

  • Was this article helpful?