04-04-2013 08:32 AM - edited 03-11-2019 06:23 PM
I'm wondering if it's possible to create an identical policy (3 & 4) but with a different lifetime? See below.
isakmp policy 3
 authen pre-share
 encrypt Aes
 hash sha
 group 1
 lifetime 24600
isakmp policy 4
 authen pre-share
 encrypt Aes
 hash sha
 group 1
 lifetime 26600
Thanks
04-04-2013 09:07 AM
Hi,
I don't see a reason why you couldn't do this.
For example, from my own ASA (just to show that it's possible):
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
crypto ikev1 policy 11
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28810
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
The configuration format is slightly different than the above as I am using newer software.
Hope this helps
- Jouni
04-04-2013 09:14 AM
Thanks Jouni. Thought so too, just wanted to be sure.
04-04-2013 09:19 AM
Jouni,
Any reason why you have identical phase 1 policies? Just curious...
04-04-2013 09:21 AM
Hi,
The only reason it's configured was to show you that even that is possible.
I just configured it on my ASA before I answered. In a real situation of course I wouldn't need to have 2 identical policies. The highest policy number would never be applied/matched in a VPN negotiation.
They are gone through from the lowest to the highest value during VPN negotiations.
- Jouni
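An added example, not part of the thread or of anyone's posted configuration: a Python check that parses IKEv1 policy blocks and reports every policy that a lower-numbered policy with the same parameters shadows. It assumes full keywords as they appear in show running-config output and treats authentication, encryption, hash and group as the match key, following the statement above that the higher-numbered identical policy is never matched; the function names are hypothetical.

```python
import re

# Constructed sample: the three policies shown earlier in the thread.
SAMPLE_CONFIG = """\
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
crypto ikev1 policy 11
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28810
crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800
"""
KEYS = ("authentication", "encryption", "hash", "group", "lifetime")
MATCH_KEYS = KEYS[:4]  # assumption: lifetime is not part of the match key
HEADER = re.compile(r"^(?:crypto\s+)?(?:ikev1|isakmp)\s+policy\s+(\d+)$")

def parse_policies(text):
    """Return {priority: {keyword: value}} for each IKEv1 policy block."""
    policies, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        parts = line.split(None, 1)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and len(parts) == 2 and parts[0] in KEYS:
            current[parts[0]] = parts[1].lower()
        else:
            current = None  # any other line ends the policy block
    return policies

def shadowed_policies(policies):
    """Return [(shadowed_priority, matched_first_priority)], lowest first."""
    seen, findings = {}, []
    for prio in sorted(policies):  # negotiation order: lowest number first
        key = tuple(policies[prio].get(k) for k in MATCH_KEYS)
        if seen.setdefault(key, prio) != prio:
            findings.append((prio, seen[key]))
    return findings
```

On the sample, policies 11 and 20 are both reported as shadowed by policy 10.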
04-04-2013 09:29 AM
Yeah.. Thanks
04-04-2013 09:20 AM
No problem,
Please mark the question as answered if it did
- Jouni