03-28-2006 03:03 AM - edited 03-03-2019 12:12 PM
I have a strange problem that I can't add a lifetime to the "crypto isakmp policy 2". When I try to add lifetime 86400 from CLI it doesn't retain the setting. If I add say 600 seconds it does. If I do lifetime ? 86400 is supported (24hr). It will also let me enter this from the SDM but the setting doesnt add it to the config. This is the ipsec relevant section of the config:
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
--- trying to add lifetime here 86400
crypto isakmp key KEYHERE address 217.x.x.90
crypto isakmp key KEYHERE address 195.x.x.90
crypto isakmp key KEYHERE address 81.x.x.90
crypto isakmp keepalive 10 10 periodic
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set PIX esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to217.196.250.90
set peer 217.196.250.90
set transform-set PIX
set pfs group2
match address 103
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to195.172.169.90
set peer 195.172.169.90
set peer 81.149.144.90
set transform-set PIX
match address 105
!
03-28-2006 03:07 AM
Hey Mate,
That's because the default lifetime is 86400 seconds... as you know, IOS in general does not display commands when you set them to the default value.
Hope that helps - pls rate the post if it does.
Paresh
03-30-2006 09:08 AM
Hi, I thought the default lifetime is 3600 seconds.
03-30-2006 09:15 AM
Hi,
Here's a link to the command reference description for the command, where it states that the default lifetime is 86400 seconds:
Paresh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide