I want to set a long isakmp lifetime on tunnels running between a PIX and an IOS router. I set "isakmp policy 1 lifetime 86400" on the PIX and "lifetime 86400" under the isakmp policy on the IOS router. However, when the IOS routers establish a tunnel they only get a 3600-second lifetime. I tested with a PIX-to-PIX and they did establish an 86400-second tunnel. Do I have to do something extra to the routers?
I stopped by this forum to look for an answer to a problem I'm having regarding IPSEC SA lifetimes on an IOS router, and just read up about an hour ago on this in the Cisco Documentation. The 3600 seconds you get is the IPSEC SA lifetime, which is different than the isakmp lifetime. The command on the IOS router from global config is: "crypto ipsec security-association lifetime seconds 86400". This is for the IOS router; I don't know what the command is on the PIX.
By default, on Cisco routers the ISAKMP lifetime is 86400 secs and the IPSec lifetime is 3600 secs. For the VPN to work properly, both values should be adjusted judiciously depending on your business scenarios. It is advisable to have the IPSec SA lifetime less than or equal to the ISAKMP lifetime to avoid frequently tearing down the VPN tunnels.
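The two lifetimes discussed in the replies above can be checked offline against a saved router configuration. The following is an added example, not part of any post in this thread: it reads the ISAKMP lifetime of each policy and the global IPsec SA lifetime, falls back to the router defaults quoted above when a line is absent, and flags any policy whose ISAKMP lifetime is shorter than the IPsec SA lifetime. The function names and the sample configuration are constructed for illustration, and per-crypto-map lifetime overrides are not considered.

```python
import re

# Router defaults as stated in the thread (seconds).
DEFAULT_ISAKMP_LIFETIME = 86400
DEFAULT_IPSEC_LIFETIME = 3600

def parse_lifetimes(config):
    """Return per-policy ISAKMP lifetimes and the global IPsec SA lifetime."""
    isakmp, ipsec, policy = {}, DEFAULT_IPSEC_LIFETIME, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = int(m.group(1))
            isakmp[policy] = DEFAULT_ISAKMP_LIFETIME  # until overridden
            continue
        if raw[:1].isspace() and policy is not None:
            # Indented line: sub-command of the current ISAKMP policy.
            m = re.match(r"lifetime (\d+)$", line)
            if m:
                isakmp[policy] = int(m.group(1))
            continue
        policy = None  # any unindented line ends the policy block
        m = re.match(
            r"crypto ipsec security-association lifetime seconds (\d+)$", line)
        if m:
            ipsec = int(m.group(1))
    return {"isakmp": isakmp, "ipsec": ipsec}

def audit(config):
    """Flag policies whose ISAKMP lifetime is below the IPsec SA lifetime."""
    lt = parse_lifetimes(config)
    findings = [
        f"policy {pol}: IPsec SA lifetime {lt['ipsec']}s exceeds "
        f"ISAKMP lifetime {secs}s"
        for pol, secs in sorted(lt["isakmp"].items()) if lt["ipsec"] > secs
    ]
    return lt, findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
crypto isakmp policy 1
 authentication pre-share
 lifetime 86400
!
crypto isakmp policy 5
 lifetime 28800
!
crypto ipsec security-association lifetime seconds 86400
"""

if __name__ == "__main__":
    lifetimes, findings = audit(SAMPLE)
    print(lifetimes)
    print("\n".join(findings) or "no findings")
```

A configuration that sets only the ISAKMP lifetime, as in the original question, parses to an IPsec SA lifetime of 3600 seconds, which is the value the poster observed.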
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...