Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1199
Views
0
Helpful
2
Replies

Change the DH group in an isakmp policy

Go to solution
ssuttle1
Level 1
Level 1

‎09-20-2023 11:44 AM

If I change the DH group in an ISAKMP policy, will the tunnel automatically start using that group after a period, or do I have to bounce the tunnel interface?  I know that bouncing the interface works to get it to switch over immediately.  But it would be preferable for it to start using the new group automatically without bouncing the interface.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎09-20-2023 02:00 PM

The good news is that policies for the ipsec tunnel are negotiated for a period of time, and when that time is about to expire there is a new negotiation, which would use the new policy. So if you are not a hurry to get the new policy being used then do not bounce and just wait.

HTH

Rick

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎09-20-2023 02:00 PM

The good news is that policies for the ipsec tunnel are negotiated for a period of time, and when that time is about to expire there is a new negotiation, which would use the new policy. So if you are not a hurry to get the new policy being used then do not bounce and just wait.

HTH

Rick
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎09-20-2023 02:12 PM

I am glad that my explanation was helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Top