01-10-2008 08:32 AM - edited 03-09-2019 07:49 PM
Hi,
I am looking for the command to specify ipsec security association lifetime.
I see the command for setting the lifetime on the isakmp session, but not for the ipsec lifetime. The command I found online is not good in my IOS release...
Solved! Go to Solution.
01-10-2008 08:43 AM
What is the version of IOS that you are running on the router.
You could use
"crypto ipsec security-association lifetime seconds xxxx" in the configuration that lifetime will apply to all the crypto maps configured on the router.
To change the IPSEC lifetime for a specific router, you need to configure the IPSEC lifetime under that specific crypto map. For example:
crypto map TEST 10 ipsec-isakmp
set peer 10.1.1.1
set security-association lifetime seconds xx
match address 100
Regards,
Arul
01-10-2008 08:43 AM
What is the version of IOS that you are running on the router.
You could use
"crypto ipsec security-association lifetime seconds xxxx" in the configuration that lifetime will apply to all the crypto maps configured on the router.
To change the IPSEC lifetime for a specific router, you need to configure the IPSEC lifetime under that specific crypto map. For example:
crypto map TEST 10 ipsec-isakmp
set peer 10.1.1.1
set security-association lifetime seconds xx
match address 100
Regards,
Arul
01-10-2008 08:45 AM
Thank you, that was a great response.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: