About networkengineer2

networkengineer2 · 01-15-2026

I've created a VPN successfully from a Cisco FMC managed FTD (v7.4.2.4) to a AWS VPN gateway, but am having issues as the IKEv2 phase 1 SA lifetime doesn't match. The AWS side always uses 28800 and I've configured a policy on the FTD to use 28800 se...

networkengineer2 · 01-15-2026

Thanks for the reply, that does seem an odd way for the standard to be written (negotiating phase 2 lifetime, but not phase 1) but that does seem like correct way to do things, and was even mentioned so in the IKEv2 RFC.We had configured IKE keepaliv...

Member Since	‎01-15-2026 08:19 AM
Date Last Visited	‎01-16-2026 01:09 AM
Posts	3

User Statistics

User Activity

FTD to AWS VPN gateway IKEv2 phase 1 lifetime mismatch

Re: FTD to AWS VPN gateway IKEv2 phase 1 lifetime mismatch