01-30-2008 11:49 AM - edited 02-21-2020 03:31 PM
Hi, how can I find the L2L phase II lifetime in ASA?
Thank you!
01-30-2008 12:00 PM
Are you looking for the times shown with this command?
ASA# sh vpn-sessiondb l2l
< >
Login Time : 06:21:40 EST Mon Jan 28 2008
Duration : 2d 8h:36m:46s
< >
hth
MS
01-30-2008 12:11 PM
I am looking for IPSec lifetime.
01-31-2008 06:22 AM
sh running-config all | inclu lifetime
If you haven't defined any explicit lifetimes, the defaults will be visible in the output of that command.
Keep in mind, when bringing up a VPN, if two peers differ on lifetimes, they will negotiate on the lowest lifetime of the initiator - at least when peering with Cisco equipment. With non-Cisco peers, you should make sure lifetimes match up.
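An added example, not part of the original posts: a Python check that reads the lines returned by the lifetime filter above and compares the phase II lifetimes with the values the remote side reports. The sample lines, the crypto map name `outside_map` and the peer values are constructed, and the line format is assumed to be the running-config command form.

```python
import re

# Matches global and per-crypto-map IPsec (phase II) lifetime lines.
PATTERN = re.compile(
    r"^crypto (?:ipsec|map (?P<name>\S+) (?P<seq>\d+) set) "
    r"security-association lifetime (?P<unit>seconds|kilobytes) (?P<value>\d+)\s*$"
)

def parse_lifetimes(output):
    """Return {scope: {unit: value}}; scope is 'global' or '<map> <seq>'."""
    scopes = {"global": {}}
    for line in output.splitlines():
        m = PATTERN.match(line.strip())
        if not m:
            continue  # skips other matches of the filter, e.g. phase I lifetime lines
        scope = f"{m['name']} {m['seq']}" if m["name"] else "global"
        scopes.setdefault(scope, {})[m["unit"]] = int(m["value"])
    return scopes

def effective(scopes, scope):
    """Values set on a crypto map entry override the global ones."""
    return {**scopes["global"], **scopes.get(scope, {})}

def mismatches(local, peer):
    """List (unit, local, peer) for every unit where the two ends differ."""
    return [(u, local.get(u), peer.get(u))
            for u in ("seconds", "kilobytes") if local.get(u) != peer.get(u)]

# Constructed sample output, not captured from a real device.
SAMPLE = """\
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 10 set security-association lifetime seconds 3600
 lifetime 86400
"""
# Constructed: lifetimes reported by the administrator of the remote peer.
PEER = {"seconds": 28800, "kilobytes": 4608000}

if __name__ == "__main__":
    scopes = parse_lifetimes(SAMPLE)
    for scope in scopes:
        for unit, ours, theirs in mismatches(effective(scopes, scope), PEER):
            print(f"{scope}: {unit} local={ours} peer={theirs}")
```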
01-31-2008 09:59 AM
VXR7206_1#sh crypto ipsec profile
IPSEC profile VPN
Stateful HA configured, group EXTERNAL
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
aes256,
aes192,
aes,
3dessha,
3desmd5,
}
IPSEC profile sso
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
test,
}
VXR7206_1#sh crypto ipsec security
Security association lifetime: 4608000 kilobytes/3600 seconds
VXR7206_1#
CCIE Security
02-01-2008 05:58 AM
cisco24x7,
those commands don't work on the ASAs.