Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

never mind, got the answer!

Hi,

I am looking for the command to specify ipsec security association lifetime.

I see the command for setting the lifetime on the isakmp session, but not for the ipsec lifetime. The command I found online is not good in my IOS release...

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: never mind, got the answer!

What is the version of IOS that you are running on the router.

You could use

"crypto ipsec security-association lifetime seconds xxxx" in the configuration that lifetime will apply to all the crypto maps configured on the router.

To change the IPSEC lifetime for a specific router, you need to configure the IPSEC lifetime under that specific crypto map. For example:

crypto map TEST 10 ipsec-isakmp

set peer 10.1.1.1

set security-association lifetime seconds xx

match address 100

Regards,

Arul

2 REPLIES
Cisco Employee

Re: never mind, got the answer!

What is the version of IOS that you are running on the router.

You could use

"crypto ipsec security-association lifetime seconds xxxx" in the configuration that lifetime will apply to all the crypto maps configured on the router.

To change the IPSEC lifetime for a specific router, you need to configure the IPSEC lifetime under that specific crypto map. For example:

crypto map TEST 10 ipsec-isakmp

set peer 10.1.1.1

set security-association lifetime seconds xx

match address 100

Regards,

Arul

New Member

Re: never mind, got the answer!

Thank you, that was a great response.

125
Views
0
Helpful
2
Replies
CreatePlease to create content