Crypto lifetime question

Unanswered Question
Apr 16th, 2008
User Badges:

Hi, I have a few VPN's connected to my Cisco Concentrator and ASA. The thing is I have never set the life time on the tunnel on the regional sites configs (877's, 1841's), althought on the ASA and Concentrator I have.


What problem's would this create and should I set this?


e.g. Set security-association lifetime seconds 28800


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Tue, 04/22/2008 - 06:16
User Badges:
  • Silver, 250 points or more

To override the global lifetime value for a particular crypto map entry, which is used when negotiating IP Security security associations,the "set security-association lifetime" command is used in crypto map configuration mode.

Command Syntax:

set security-association lifetime {seconds seconds | kilobytes kilobytes}


For more details about this lifetime settings refer :

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_s2.html#wp1012639

Actions

This Discussion