Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

I am getting a seriously bizarre set of results here...

8   IKE Peer: <peer IP>

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_WAIT_MSG5

    Encrypt : 3des            Hash    : SHA

    Auth    : preshared       Lifetime: 28800

    Lifetime Remaining: 2147480830

Any ideas?!

crypto isakmp policy 16

authentication pre-share

encryption 3des

hash md5

group 1

lifetime 86400


4 REPLIES
Cisco Employee

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

Sal,

In this case the IKE exchange is not yet finished, (State   : MM_WAIT_MSG5) does that persist for established IKE sessions?

M.

New Member

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

It does not.

Cisco Employee

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

Then it is most likely expected, it could be there to facilitate things like responder_lifetime messages etc.

One other note the IKE policy you've indicated is 3DES & MD5 while you can see that the negotiated one is 3DES & SHA.

New Member

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

That would be me referencing the wrong policy.

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

133
Views
0
Helpful
4
Replies