Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Phase 1 and Phase 2 lifetimes

Hi All,

I have a question.

Is that a big problem to have different Phase 2 lifetimes configured on L2L VPN tunnels on both ends?

Like one end has P1 lifetime set to 86400 P2 lifetime set to 86400 and remote end has P1 set to 86400 and P2 set to 28800.

Thanks!

3 REPLIES

Phase 1 and Phase 2 lifetimes

Its also part of Phase 1-2 Proposals mismatch will cause termination of tunnel.Should be same on both End.

Thanks

Ajay

New Member

Phase 1 and Phase 2 lifetimes

I know that they will cause termination of the tunnel, because these timers are intended to do this.

The thing is that one end will terminate after 86400 and the other end will terminate after 28800.

So which end will force the lifetime timeout?

Depends on originator and responder? I.e. originator forces the timers on the remote end?

New Member

Phase 1 and Phase 2 lifetimes

http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/isakmp.html#wp6739

Then, if the lifetimes are not equal, the shorter lifetime will be selected. To restate this behavior: If the two peer's policies' lifetimes are not the same, the initiating peer's lifetime must be longer and the responding peer's lifetime must be shorter, and the shorter lifetime will be used.

1688
Views
0
Helpful
3
Replies
CreatePlease login to create content