If I use the
crypto IPSEC security-association lifetime command, doesn't that hold for all clients? I'm trying to change it only for one IPSEC sa and i don't want to interrupt any other already existing VPN clients.
is there a way to set it for just one client?
you can change it under the crypto map configuration for each individual connection. since you didn't state what device your vpn's are terminated on though, i can't give you a specific example.
the command you gave is global, for which there exists a default lifetime already. 'local' lifetimes for individual crypto maps override this value.
also, if two peers differ in their lifetimes during negotiation, they are 'supposed' to choose the smallest value, but still connect.