identical policy but with a different Lifetime

smetieh001

I'm wondering if it's possible to create an identical policy (3 & 4) but with a different lifetime? See below.

isakmp policy 3
 authen pre-share
 encrypt Aes
 hash sha
 group 1
 lifetime 24600

isakmp policy 4
 authen pre-share
 encrypt Aes
 hash sha
 group 1
 lifetime 26600


Thanks


Jouni Forss

Hi,

I don't see a reason why you couldn't do this.

For example from my own ASA (just to show that it's possible)

  • Policy 10 and 11 are identical in other ways other than lifetime
  • Policy 10 and 20 are actually identical in every way other than the priority (10 and 20)

crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800

crypto ikev1 policy 11
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28810

crypto ikev1 policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 28800

The configuration format is slightly different than the above as I am using newer software.

Hope this helps

- Jouni


Thanks Jouni. Thought so too, just wanted to be sure.

Jouni,

Any reason why you have an identical phase 1 policy? Just curious...

Hi,

The only reason it's configured was to show you that even that is possible.

I just configured it on my ASA before I answered. In a real situation of course I wouldn't need to have 2 identical policies. The highest policy number would never be applied/matched in a VPN negotiation.

They are gone through from the lowest to the highest value during VPN negotiations.

- Jouni
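
An added example, not part of the original replies and not Cisco's code: a small Python audit that parses `crypto ikev1 policy` blocks written with full keywords and walks them lowest priority first, flagging a policy that duplicates an earlier one (never matched, per the reply above) separately from one that differs only in lifetime. The sample input is constructed from the policies quoted in the accepted answer; the function names and finding labels are assumptions of this example.

```python
import re

# Constructed sample: the three policies quoted in the accepted answer.
BODY = " authentication pre-share\n encryption aes-256\n hash sha\n group 2\n lifetime {}\n"
SAMPLE = "".join(f"crypto ikev1 policy {n}\n" + BODY.format(life)
                 for n, life in ((10, 28800), (11, 28810), (20, 28800)))

# Accepts "crypto ikev1 policy N" and the older "isakmp policy N" header.
HEADER = re.compile(r"^(?:crypto\s+)?(?:ikev1|isakmp)\s+policy\s+(\d+)$")
FIELDS = ("authentication", "encryption", "hash", "group", "lifetime")


def parse_policies(text):
    """Return {priority: {field: value}} for every policy block in text."""
    policies, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue  # scraped configs often carry blank lines
        header = HEADER.match(line)
        parts = line.split(None, 1)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and len(parts) == 2 and parts[0] in FIELDS:
            current[parts[0]] = parts[1].lower()
        else:
            current = None  # any other command ends the policy block
    return policies


def audit(policies):
    """Walk priorities lowest-first, as the negotiation does per the thread."""
    findings, seen = [], []
    for prio in sorted(policies):
        core = tuple(policies[prio].get(f) for f in FIELDS[:-1])
        life = policies[prio].get("lifetime")
        exact = [p for p, c, l in seen if c == core and l == life]
        close = [p for p, c, l in seen if c == core]
        if exact:    # identical to an earlier policy: never matched
            findings.append((prio, exact[0], "shadowed"))
        elif close:  # differs from an earlier policy only in lifetime
            findings.append((prio, close[0], "lifetime-only"))
        seen.append((prio, core, life))
    return findings


if __name__ == "__main__":
    for prio, earlier, kind in audit(parse_policies(SAMPLE)):
        print(f"policy {prio}: {kind} duplicate of policy {earlier}")
```
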

Yeah.. Thanks

No problem,

Please mark the question as answered if it did

- Jouni
