Security Association lifetime question

Unanswered Question
Jun 5th, 2007
User Badges:

Working through SNRS Greg Bastien.

I cannot work out what the Security lifetime is used for in Global config mode. I configured the lifetime parameters for both the IKE phase 1 and IPSEC 'crypto map' but then when I did :

'show crypto ipsec security-association'

found that the lifetime was set to 3600 seconds. I'm confused.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
sundar.palaniappan Tue, 06/05/2007 - 14:31
User Badges:
  • Green, 3000 points or more

Global lifetime will be only used if the individual crypto map doesn't have a lifetime value configured. In your case since you have a lifetime value configured under the crypto map the router would use that value during security association negotiation with the peer.




This Discussion