rekeying timer

Unanswered Question
Nov 20th, 2008
User Badges:


i have a problem with the rekeying timer of an ASA5505.

The setting is:

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash md5

group 5

lifetime 28800

and the ASA show this :


Tunnel ID : 556.1

UDP Src Port : 500 UDP Dst Port : 500

IKE Neg Mode : Main Auth Mode : preSharedKeys

Encryption : 3DES Hashing : MD5

Rekey Int (T): 28800 Seconds Rekey Left(T): 26594 Seconds

D/H Group : 5

Filter Name :

but the real rekeying time is 21600 seconds.

The other sides is working with the same parameters and the VPN seems OK.

Does anyone knows why there is a different of 2h ??



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sadbulali Thu, 11/27/2008 - 19:31
User Badges:
  • Bronze, 100 points or more

Can you provide the error message you are getting so that we will be able to identify the cause and resolve the same.Also check for the configuration so that errors in configuration can be avoided.The timers need to be of the same value.


This Discussion