01-10-2008 08:44 AM - edited 02-21-2020 03:28 PM
Hi,
If I use the
crypto IPSEC security-association lifetime command, doesn't that hold for all clients? I'm trying to change it only for one IPSEC sa and i don't want to interrupt any other already existing VPN clients.
is there a way to set it for just one client?
Thanks!
Lisa G
Solved! Go to Solution.
01-10-2008 05:30 PM
you can change it under the crypto map configuration for each individual connection. since you didn't state what device your vpn's are terminated on though, i can't give you a specific example.
the command you gave is global, for which there exists a default lifetime already. 'local' lifetimes for individual crypto maps override this value.
also, if two peers differ in their lifetimes during negotiation, they are 'supposed' to choose the smallest value, but still connect.
01-10-2008 05:30 PM
you can change it under the crypto map configuration for each individual connection. since you didn't state what device your vpn's are terminated on though, i can't give you a specific example.
the command you gave is global, for which there exists a default lifetime already. 'local' lifetimes for individual crypto maps override this value.
also, if two peers differ in their lifetimes during negotiation, they are 'supposed' to choose the smallest value, but still connect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide