change ios vpn crypto lifetime

Unanswered Question
Mar 8th, 2012
User Badges:
Codes: C - IKE configuration mode, D - Dead Peer Detection

       K - Keepalives, N - NAT-traversal
       T - cTCP encapsulation, X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

C-id  Local           Remote          I-VRF    Status Encr Hash Auth DH Lifetime Cap.

2014  xxxxx   xxxxx            ACTIVE 3des sha       2  00:58:03 CDXN
       Engine-id:Conn-id =  SW:14

I need to change the above default lifetime to 28800 secs.  I have tried every possible combination to change this but am unsuccessful. The connection defaults to 60 minutes no matter what I do.   Below is my relevant config

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp fragmentation
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 5
crypto isakmp nat keepalive 20
crypto isakmp client configuration group remote
 key xxxxx
 pool SDM_POOL_1
crypto isakmp profile ciscocp-ike-profile-1
   match identity group remote
   client authentication list ciscocp_vpn_xauth_ml_2
   isakmp authorization list ciscocp_vpn_group_ml_2
   client configuration address respond
   virtual-template 1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA1 
 set isakmp-profile ciscocp-ike-profile-1
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion