Refreshing a Security Association is the process of creating a new Security Association to replace an existing Security Association. The IKED automatically refreshes Security Associations when they are about to expire.
You can use the ReauthInterval parameter on the KeyExchangeAction statement to cause the IKED to periodically reauthenticate an existing IKEv2 phase 1 Security Association. For more information about the KeyExchangeAction statement, see the KeyExchangeAction statement in z/OS Communications Server: IP Configuration Reference.
You can use the refresh option on the ipsec command to refresh an existing phase 1 Security Association. When you use the ipsec command to refresh an existing IKEv1 or IKEv2 phase 1 Security Association, new keys are negotiated and the identity of the IKE peer is reauthenticated. For more information about the ipsec command, see z/OS Communications Server: IP System Administrator's Commands.