06-11-2009 02:59 PM
Hi,
Is it possible to shorten the lifetime of ISAKMP SA's of dynamic remote VPN clients to 1 hr, but leave it alone (default is 24 hrs) for static VPN's? It seems this is a global setting that effects all VPN's equally, is this correct? Thanks, Mitchell
Solved! Go to Solution.
06-12-2009 07:48 AM
crypto isakmp policy 1
lifetime 60
crypto isakmp policy 2
lifetime 86400*
*Since its the default you don't actually have to type it.
06-11-2009 08:10 PM
Yes, use different ISAKMP policies for each type of connection.
06-12-2009 06:23 AM
do these vpn's terminate on an asa or router?
06-12-2009 07:39 AM
The VPN's terminate on a 2851 ISR.
06-12-2009 07:48 AM
crypto isakmp policy 1
lifetime 60
crypto isakmp policy 2
lifetime 86400*
*Since its the default you don't actually have to type it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide