Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GetVPN Rekeys

Hi,

We have recently change our TBAR timer to allow for latency on the WAN. We have also made some big routing changes to our network.

I noticed that out GETVPN Kek Timer is set to the default as well as our TEK Policy timer.

I was wondering is this looks weird......

GM Reregisters in        : 2431 secs
    Rekey Received(hh:mm:ss) : 2w0d

The rekey used to count down from 24 hours, although I have noticed it is saying two weeks now.

Within the logs I see a rekey -

%CRYPTO-5-GM_REGSTER: Start registration to KS 192.168.220.4 for group getvpn using address 192.168.230.10
: %GDOI-5-GM_REGS_COMPL: Registration to KS 192.168.220.4 complete for group getvpn using address 192.168.230.10

But under show crypto gdoi -


    Rekeys received
         Cumulative          : 0
         After registration  : 0

Was wondering if this is a type of bug that someone has come across?

Thanks

Everyone's tags (1)
1 REPLY
New Member

Re: GetVPN Rekeys

hi, your isa lifetime should be 1200 on the GMs but defaulted on the KS (86400) - the GM value will take precedence.  the tek life on KS should be 7200sec and the kek should be default of 86400.

469
Views
0
Helpful
1
Replies