Security Association lifetime question

Unanswered Question
Jun 5th, 2007

Working through SNRS Greg Bastien.

I cannot work out what the Security lifetime is used for in Global config mode. I configured the lifetime parameters for both the IKE phase 1 and IPSEC 'crypto map' but then when I did:

'show crypto ipsec security-association'

found that the lifetime was set to 3600 seconds. I'm confused.

sundar.palaniappan Tue, 06/05/2007 - 14:31

Global lifetime will only be used if the individual crypto map doesn't have a lifetime value configured. In your case, since you have a lifetime value configured under the crypto map, the router would use that value during security association negotiation with the peer.

HTH

Sundar
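
The precedence described in the reply above, as an added IOS configuration sketch that is not part of the original thread. The names CMAP-EXAMPLE and TS-EXAMPLE, the peer addresses (documentation range), the ACL numbers and all lifetime values are constructed for illustration.

```cisco
! IKE phase 1 lifetime: governs the ISAKMP SA only, not the IPsec SAs.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
!
! Global IPsec SA lifetime: the fallback for crypto map entries that do
! not set their own value. The IOS default is 3600 seconds.
crypto ipsec security-association lifetime seconds 3600
!
crypto ipsec transform-set TS-EXAMPLE esp-aes esp-sha-hmac
!
! Entry 10 overrides the global value: SAs for this peer are proposed
! with 1800 seconds.
crypto map CMAP-EXAMPLE 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-EXAMPLE
 set security-association lifetime seconds 1800
 match address 101
!
! Entry 20 has no lifetime of its own, so it inherits the global 3600.
crypto map CMAP-EXAMPLE 20 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-EXAMPLE
 match address 102
!
! Checking which value applies:
!   show crypto ipsec security-association lifetime
!       -> prints the global lifetime only
!   show crypto map
!       -> prints the lifetime in effect for each crypto map entry
!   show crypto ipsec sa
!       -> prints the remaining key lifetime of each established SA
```

During negotiation the router uses the smaller of its locally configured lifetime and the lifetime proposed by the peer, so the value on an established SA can be lower than either setting shown here.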
