
GetVPN Rekeys

bradleyordner
Level 3

Hi,

We have recently changed our TBAR timer to allow for latency on the WAN. We have also made some big routing changes to our network.

I noticed that our GETVPN KEK timer is set to the default, as well as our TEK policy timer.

I was wondering if this looks weird...

GM Reregisters in        : 2431 secs
    Rekey Received(hh:mm:ss) : 2w0d

The rekey used to count down from 24 hours, although I have noticed it is saying two weeks now.

Within the logs I see a rekey -

%CRYPTO-5-GM_REGSTER: Start registration to KS 192.168.220.4 for group getvpn using address 192.168.230.10
: %GDOI-5-GM_REGS_COMPL: Registration to KS 192.168.220.4 complete for group getvpn using address 192.168.230.10

But under show crypto gdoi -


    Rekeys received
         Cumulative          : 0
         After registration  : 0

Was wondering if this is a type of bug that someone has come across?

Thanks

1 Reply

dsandre-toh
Level 1

Hi, your isa lifetime should be 1200 on the GMs but defaulted on the KS (86400) - the GM value will take precedence. The TEK life on KS should be 7200 sec and the KEK should be default of 86400.
