cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
478
Views
0
Helpful
1
Replies

Command to find out renegotiate time

dan_track
Level 1
Level 1

Hi,

I'm on my cisco asa 5520 firewall. What command can I run to find out the re-negotiate time on ipsec phase 2 for the sessions I have configured?

Thanks

Dan

1 Accepted Solution

Accepted Solutions

Dan,

The quickest way to get there is probably 'show run | in crypto ipsec'. The command you are looking for is 'crypto ipsec security-association lifetime'.

If you do not see it configured, then your ASA is using the default time of 28,800 seconds (8 hours).

'crypto ipsec security-association lifetime' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2190165

Hope that helps.

-Mike

View solution in original post

1 Reply 1

Dan,

The quickest way to get there is probably 'show run | in crypto ipsec'. The command you are looking for is 'crypto ipsec security-association lifetime'.

If you do not see it configured, then your ASA is using the default time of 28,800 seconds (8 hours).

'crypto ipsec security-association lifetime' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2190165

Hope that helps.

-Mike

Review Cisco Networking for a $25 gift card