Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
5
Helpful
1
Replies

Security Association lifetime question

philipbarker
Level 1
Level 1

‎06-05-2007 06:59 AM

Working through SNRS Greg Bastien.

I cannot work out what the Security lifetime is used for in Global config mode. I configured the lifetime parameters for both the IKE phase 1 and IPSEC 'crypto map' but then when I did :

'show crypto ipsec security-association'

found that the lifetime was set to 3600 seconds. I'm confused.

Labels:
0 Helpful
1 Reply 1

sundar.palaniappan
Level 10
Level 10

‎06-05-2007 02:31 PM

Global lifetime will be only used if the individual crypto map doesn't have a lifetime value configured. In your case since you have a lifetime value configured under the crypto map the router would use that value during security association negotiation with the peer.

HTH

Sundar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents