https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194158#M358943 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The only reason its configured was to show to you that even that is possible.</P><P></P><P>I just configured on my ASA before I answered. In a real situation ofcourse I wouldnt need to have 2 identical policys. The highest policy number would never be applied/matched in a VPN negotiation.</P><P></P><P>They are gone in through from the lowest to the highest value during VPN negotiations.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 04 Apr 2013 16:21:42 GMT Jouni Forss 2013-04-04T16:21:42Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194153#M358932 <P>I'm wondering if it's possible to create an identical policy (3 &amp;4) but with different Lifetime? see below.</P><P></P><P>isakmp policy 3</P><P>authen pre-share</P><P>encrypt Aes</P><P>hash sha</P><P>group 1</P><P>lifetime 246<STRONG>00</STRONG> </P><P></P><P></P><P>isakmp policy 4</P><P>authen pre-share</P><P>encrypt Aes</P><P>hash sha</P><P>group 1</P><P>lifetime 266<STRONG>00</STRONG> </P><P><STRONG></STRONG></P><P><BR />Thanks<STRONG> </STRONG></P><P><STRONG><STRONG> </STRONG></STRONG></P><P></P> Tue, 12 Mar 2019 01:23:30 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194153#M358932 smetieh001 2019-03-12T01:23:30Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194154#M358934 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I dont see a reason why you couldnt do this.</P><P></P><P>For example from my own ASA (just to show that its possible)</P><P></P><UL><LI>Policy 10 and 11 are identical in other ways other than lifetime</LI><LI>Policy 10 and 20 are actually identical in every way other than the priority (10 and 20)</LI></UL><P></P><P></P><P>crypto ikev1 policy 10</P><P> authentication pre-share</P><P> encryption aes-256</P><P> hash sha</P><P> group 2</P><P> lifetime 28800</P><P></P><P>crypto ikev1 policy 11</P><P> authentication pre-share</P><P> encryption aes-256</P><P> hash sha</P><P> group 2</P><P> lifetime 28810</P><P></P><P>crypto ikev1 policy 20</P><P> authentication pre-share</P><P> encryption aes-256</P><P> hash sha</P><P> group 2</P><P> lifetime 28800</P><P></P><P>The configuration format is slightly different than the above as I am using newer software.</P><P></P><P>Hope this helps</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 04 Apr 2013 16:07:49 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194154#M358934 Jouni Forss 2013-04-04T16:07:49Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194155#M358935 <HTML><HEAD></HEAD><BODY><P> Thanks Jouni. thought so too just wanted to be sure.</P></BODY></HTML> Thu, 04 Apr 2013 16:14:42 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194155#M358935 smetieh001 2013-04-04T16:14:42Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194156#M358938 <HTML><HEAD></HEAD><BODY><P> Jouni,</P><P></P><P>Any reason why you have identical phase 1 policy? just curious...</P></BODY></HTML> Thu, 04 Apr 2013 16:19:56 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194156#M358938 smetieh001 2013-04-04T16:19:56Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194157#M358941 <HTML><HEAD></HEAD><BODY><P>No problem,</P><P></P><P>Please mark the question as answered if it did <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>- Jouni</P></BODY></HTML> Thu, 04 Apr 2013 16:20:03 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194157#M358941 Jouni Forss 2013-04-04T16:20:03Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194158#M358943 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The only reason its configured was to show to you that even that is possible.</P><P></P><P>I just configured on my ASA before I answered. In a real situation ofcourse I wouldnt need to have 2 identical policys. The highest policy number would never be applied/matched in a VPN negotiation.</P><P></P><P>They are gone in through from the lowest to the highest value during VPN negotiations.</P><P></P><P>- Jouni</P></BODY></HTML> Thu, 04 Apr 2013 16:21:42 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194158#M358943 Jouni Forss 2013-04-04T16:21:42Z https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194159#M358944 <HTML><HEAD></HEAD><BODY><P> yeah.. Thanks</P></BODY></HTML> Thu, 04 Apr 2013 16:29:23 GMT https://community.cisco.com/t5/network-security/identical-policy-but-with-a-different-lifetime/m-p/2194159#M358944 smetieh001 2013-04-04T16:29:23Z