Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security Association lifetime question

Working through SNRS Greg Bastien.

I cannot work out what the Security lifetime is used for in Global config mode. I configured the lifetime parameters for both the IKE phase 1 and IPSEC 'crypto map' but then when I did :

'show crypto ipsec security-association'

found that the lifetime was set to 3600 seconds. I'm confused.

1 REPLY

Re: Security Association lifetime question

Global lifetime will be only used if the individual crypto map doesn't have a lifetime value configured. In your case since you have a lifetime value configured under the crypto map the router would use that value during security association negotiation with the peer.

HTH

Sundar

151
Views
5
Helpful
1
Replies