06-11-2009 02:59 PM
Hi,
Is it possible to shorten the lifetime of ISAKMP SA's of dynamic remote VPN clients to 1 hr, but leave it alone (default is 24 hrs) for static VPN's? It seems this is a global setting that effects all VPN's equally, is this correct? Thanks, Mitchell
Solved! Go to Solution.
06-12-2009 07:48 AM
crypto isakmp policy 1
lifetime 60
crypto isakmp policy 2
lifetime 86400*
*Since its the default you don't actually have to type it.
06-11-2009 08:10 PM
Yes, use different ISAKMP policies for each type of connection.
06-12-2009 06:23 AM
do these vpn's terminate on an asa or router?
06-12-2009 07:39 AM
The VPN's terminate on a 2851 ISR.
06-12-2009 07:48 AM
crypto isakmp policy 1
lifetime 60
crypto isakmp policy 2
lifetime 86400*
*Since its the default you don't actually have to type it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: