, control the establishment of IKEv2 IKE SAs. The
key lifetime is the length of time that a negotiated IKE SA key is effective. Before the
key lifetime expires, the SA must be re-keyed; otherwise, upon expiration, the SA must
begin a new IKEv2 IKE SA re-key. The default value is 8 hours.
The reauthentication interval is derived by multiplying the
IKEv2 Authentication Multiple
. The authentication multiple
defaults to 0, which disables the reauthentication feature.
The range of the authentication multiple is 0-50. So, if you were to configure an authentication
multiple of 20, for example, the system would perform reauthentication every 20 re-keys,
which is every 160 hours. That means the gateway could perform Child SA creation for 160
hours before the gateway must reauthenticate with IKE to recreate the IKE SA from
In IKEv2, the Initiator and Responder gateways have their own
key lifetime value, and the gateway with the shorter key lifetime
is the one that will request that the SA be re-keyed.