06-10-2009 02:32 AM - edited 03-11-2019 08:41 AM
Hi all
IPsec, L2L: in the configuration I set 8h on both sides
IKE Peer: x.y.z.w
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 28800
Lifetime Remaining: 24897
but in the logs, keys are changing every 6 hours:
Jun 6 11:17:46 masterasa Jun 06 2009 11:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w Freeing previously allocated memory for authorization-dn-attributes
Jun 6 17:17:46 masterasa Jun 06 2009 17:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for authorization-dn-attributes
Jun 6 23:17:46 masterasa Jun 06 2009 23:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w , Freeing previously allocated memory for authorization-dn-attributes
Jun 7 05:17:47 masterasa Jun 07 2009 05:17:47: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for authorization-dn-attributes
Does anyone know the reason for that?
Thanks
06-10-2009 07:53 AM
I've never seen that before, especially if the lifetime is the same on both sides.
What is the output of "show isa sa detail" on the Cisco equipment, and the equivalent output on the other hardware?
06-12-2009 06:01 AM
Hi
This is my sh crypto isakmp sa detail:
IKE Peer: x.y.z.w
Type : L2L
Role : initiator
Rekey : no
State : MM_ACTIVE
Encrypt : 3des
Hash : SHA
Auth : preshared Lifetime: 28800
Lifetime Remaining: 12134
my conf:
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
On the NetScreen side it is exactly the same.
I don't have any idea what the reason for this is.
Greetings
Pavel
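One way to quantify the mismatch described in this thread, as an added example that is not part of any post: it pulls the %ASA-4-713903 timestamps from the posted syslog lines, groups them by peer, and compares the gaps with the configured 28800-second IKE lifetime. The function names and the 60-second tolerance are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four log lines from the first post, copied as posted
# (the peer address was already masked as x.y.z.w by the poster).
SAMPLE_LOG = """\
Jun 6 11:17:46 masterasa Jun 06 2009 11:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w Freeing previously allocated memory for authorization-dn-attributes
Jun 6 17:17:46 masterasa Jun 06 2009 17:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for authorization-dn-attributes
Jun 6 23:17:46 masterasa Jun 06 2009 23:17:46: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w , Freeing previously allocated memory for authorization-dn-attributes
Jun 7 05:17:47 masterasa Jun 07 2009 05:17:47: %ASA-4-713903: Group = x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for authorization-dn-attributes
"""

CONFIGURED_LIFETIME = 28800  # seconds: "lifetime 28800" in crypto isakmp policy 10

# Matches the ASA's own timestamp (with year), the message id and the group.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-\d-(?P<msgid>\d{6}): Group = (?P<group>[^,\s]+)"
)

def event_times(log_text, msgid="713903"):
    """Return {group: sorted [datetime, ...]} for every line carrying msgid."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("msgid") == msgid:
            ts = datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S")
            times[m.group("group")].append(ts)
    return {group: sorted(ts_list) for group, ts_list in times.items()}

def compare_to_lifetime(log_text, lifetime=CONFIGURED_LIFETIME, tolerance=60):
    """Per group: gaps between events in seconds, and the gaps that differ
    from the configured lifetime by more than tolerance (assumed value)."""
    report = {}
    for group, times in event_times(log_text).items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        mismatch = [g for g in gaps if abs(g - lifetime) > tolerance]
        report[group] = {"gaps": gaps, "mismatch": mismatch}
    return report

if __name__ == "__main__":
    for group, result in compare_to_lifetime(SAMPLE_LOG).items():
        print(group, "gaps:", result["gaps"], "configured:", CONFIGURED_LIFETIME)
        print(group, "gaps not matching the configured lifetime:", result["mismatch"])
```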