ISAKMP SA Lifetime question

Answered Question
Jun 11th, 2009
User Badges:

Hi,

Is it possible to shorten the lifetime of ISAKMP SA's of dynamic remote VPN clients to 1 hr, but leave it alone (default is 24 hrs) for static VPN's? It seems this is a global setting that effects all VPN's equally, is this correct? Thanks, Mitchell

Correct Answer by pompeychimes about 8 years 1 week ago

crypto isakmp policy 1

lifetime 60


crypto isakmp policy 2

lifetime 86400*


*Since its the default you don't actually have to type it.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
pompeychimes Thu, 06/11/2009 - 20:10
User Badges:
  • Bronze, 100 points or more

Yes, use different ISAKMP policies for each type of connection.

srue Fri, 06/12/2009 - 06:23
User Badges:
  • Blue, 1500 points or more

do these vpn's terminate on an asa or router?

Correct Answer
pompeychimes Fri, 06/12/2009 - 07:48
User Badges:
  • Bronze, 100 points or more

crypto isakmp policy 1

lifetime 60


crypto isakmp policy 2

lifetime 86400*


*Since its the default you don't actually have to type it.

Actions

This Discussion