Cisco Support Community
New Member

How low can the security-association lifetime be?

I have been working on a lab deployment before going to production. I found that I had an issue with failover until I reduced the security-association lifetime to 120 seconds on the routers connecting to a PIX. I did not change anything on the PIX.

I was wondering if this is going to be an issue with 20 or so routers negotiating their SA every couple of minutes?

How low have you run the security-association lifetime setting in real life production networks?

Do you see any issues with this?

1 REPLY
Gold

Re: How low can the security-association lifetime be?

Just a quick comment.

First, PIX failover should work with the default lifetime.

And second, 20 sites performing a re-key every 2 minutes will create too much overhead, which I believe will have an impact on the VPN.
