Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

problem with lifetime parameter on ipsec

hi

when i do show crypto session detail command i get this following massage:

Interface: FastEthernet0/1

Session status: UP-ACTIVE

Peer: 172.30.102.101/500 fvrf: (none) ivrf: (none)

Phase1_id: 172.30.102.101

Desc: (none)

IKE SA: local 172.30.102.102/500 remote 172.30.102.101/500 Active

Capabilities:D connid:84 lifetime:23:55:29

IPSEC FLOW: permit ip 172.30.102.100/255.255.255.252 172.30.102.100/255.255.25

5.252

Active SAs: 2, origin: crypto map

Inbound: #pkts dec'ed 16 drop 0 life (KB/Sec) 4477653/3329

Outbound: #pkts enc'ed 16 drop 4 life (KB/Sec) 4477653/3329

That mean i have a lifetime with as appear in the example : 23:55:29, and after that time the the ipsec is getting down.

how can i disable this life time,that the ipsec(crypto)work allways.

thanks.

3 REPLIES

Re: problem with lifetime parameter on ipsec

hi

You can have either volume based or time based IKE SA.In general time based life tiem is being used .

The max limite being 86,400 Seconds which comes upto 24 Hrs which always works fine and you can tweak the lifetime to different parameters as per your requirment.

you can make use of this cli for tweaking the same -- isakmp policy 30 lifetime 10000 --

regds

Community Member

Re: problem with lifetime parameter on ipsec

but affter 24 hrs. the ipsec session between the two router is get down.

and i want that the session will be allways up.

thank.

Silver

Re: problem with lifetime parameter on ipsec

The timer value is an absolute value. If you have interesting traffic flowing on the tunnel the tunnel will not go down even after the timer expires. The tunnel will rekey itself prior to the expiration of the timer and continue with a new hash key and the timer will go to its max value again.

This feature allows for the changing of keys periodically even if the tunnel still has traffic on it. You do not need to worry about the tunnel going down as long as you have traffic on it...

125
Views
0
Helpful
3
Replies
CreatePlease to create content