Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Command to find out renegotiate time

Hi,

I'm on my cisco asa 5520 firewall. What command can I run to find out the re-negotiate time on ipsec phase 2 for the sessions I have configured?

Thanks

Dan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Command to find out renegotiate time

Dan,

The quickest way to get there is probably 'show run | in crypto ipsec'. The command you are looking for is 'crypto ipsec security-association lifetime'.

If you do not see it configured, then your ASA is using the default time of 28,800 seconds (8 hours).

'crypto ipsec security-association lifetime' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2190165

Hope that helps.

-Mike

1 REPLY

Re: Command to find out renegotiate time

Dan,

The quickest way to get there is probably 'show run | in crypto ipsec'. The command you are looking for is 'crypto ipsec security-association lifetime'.

If you do not see it configured, then your ASA is using the default time of 28,800 seconds (8 hours).

'crypto ipsec security-association lifetime' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2190165

Hope that helps.

-Mike

148
Views
0
Helpful
1
Replies
CreatePlease to create content