Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3030 -> 501 IKE Proposals

I have noticed my tunnel expires and must be renegotiated before the 86400 sec. I think this is causing my TN3270 app to drop. All other apps stay connected because they retransmit. Is there anything I can do to help a very sensitive app up and running during renegotiated or just extent the timers?

2 REPLIES
Bronze

Re: 3030 -> 501 IKE Proposals

If your configuration is correct, new IPSec SA will be established before the existing one expires, so that the tunnel is not broken. So there should not be any tunnel break during the renegotiations. Make sure you have the same timeout values at both the ends. Extending the timers will lessen the security of the tunnel because the the encryption keys will be used for a longer time.

New Member

Re: 3030 -> 501 IKE Proposals

Thanks for the respons. I'll check the timers

109
Views
0
Helpful
2
Replies
CreatePlease to create content