GetVPN Rekeys

Dec 16th, 2009

Hi,


We have recently changed our TBAR timer to allow for latency on the WAN. We have also made some big routing changes to our network.


I noticed that our GETVPN KEK timer is set to the default, as well as our TEK policy timer.


I was wondering if this looks weird...


GM Reregisters in        : 2431 secs
    Rekey Received(hh:mm:ss) : 2w0d


The rekey used to count down from 24 hours, although I have noticed it is saying two weeks now.


Within the logs I see a rekey -


%CRYPTO-5-GM_REGSTER: Start registration to KS 192.168.220.4 for group getvpn using address 192.168.230.10
: %GDOI-5-GM_REGS_COMPL: Registration to KS 192.168.220.4 complete for group getvpn using address 192.168.230.10





But under show crypto gdoi -



    Rekeys received
         Cumulative          : 0
         After registration  : 0


Was wondering if this is a type of bug that someone has come across?


Thanks

dsandre-toh Thu, 05/27/2010 - 10:44

Hi, your isa lifetime should be 1200 on the GMs but defaulted on the KS (86400) - the GM value will take precedence. The tek life on KS should be 7200sec and the kek should be the default of 86400.
