rekeying timer

Unanswered Question
Nov 20th, 2008

Hello,

i have a problem with the rekeying timer of an ASA5505.

The setting is:

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 5

lifetime 28800

and the ASA show this :

IKE:

Tunnel ID : 556.1

UDP Src Port : 500 UDP Dst Port : 500

IKE Neg Mode : Main Auth Mode : preSharedKeys

Encryption : 3DES Hashing : MD5

Rekey Int (T): 28800 Seconds Rekey Left(T): 26594 Seconds

D/H Group : 5

Filter Name :

but the real rekeying time is 21600 seconds.

The other sides is working with the same parameters and the VPN seems OK.

Does anyone knows why there is a different of 2h ??

Regards

Dieter

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sadbulali Thu, 11/27/2008 - 19:31

Can you provide the error message you are getting so that we will be able to identify the cause and resolve the same.Also check for the configuration so that errors in configuration can be avoided.The timers need to be of the same value.

Actions

This Discussion