We have recently change our TBAR timer to allow for latency on the WAN. We have also made some big routing changes to our network.
I noticed that out GETVPN Kek Timer is set to the default as well as our TEK Policy timer.
I was wondering is this looks weird......
GM Reregisters in : 2431 secs Rekey Received(hh:mm:ss) : 2w0d
The rekey used to count down from 24 hours, although I have noticed it is saying two weeks now.
Within the logs I see a rekey -
%CRYPTO-5-GM_REGSTER: Start registration to KS 192.168.220.4 for group getvpn using address 192.168.230.10 : %GDOI-5-GM_REGS_COMPL: Registration to KS 192.168.220.4 complete for group getvpn using address 192.168.230.10
But under show crypto gdoi -
Rekeys received Cumulative : 0 After registration : 0
Was wondering if this is a type of bug that someone has come across?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...