Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
5
Helpful
1
Replies

Security Association lifetime question

philipbarker
Level 1
Level 1

‎06-05-2007 06:59 AM

Working through SNRS Greg Bastien.

I cannot work out what the Security lifetime is used for in Global config mode. I configured the lifetime parameters for both the IKE phase 1 and IPSEC 'crypto map' but then when I did :

'show crypto ipsec security-association'

found that the lifetime was set to 3600 seconds. I'm confused.

Labels:
0 Helpful
1 Reply 1

sundar.palaniappan
Level 10
Level 10

‎06-05-2007 02:31 PM

Global lifetime will be only used if the individual crypto map doesn't have a lifetime value configured. In your case since you have a lifetime value configured under the crypto map the router would use that value during security association negotiation with the peer.

HTH

Sundar

Customers Also Viewed These Support Documents