Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
5
Helpful
1
Replies

Site to Site ikev1 VPN enquiry

bmak
Level 1
Level 1

‎10-22-2019 07:52 PM - edited ‎10-22-2019 07:52 PM

Hi,

 

I have an ASA running on an OS 9.0.x.

I am trying to figure out how to see the phase 1 settings i.e the Hash, Encryption, DH group, lifetime that is being used by a particular active VPN connection, I have the information for the peer IP of the VPN connection but I am unable to find a command that displays the phase1 setting currently being used by the VPN connection. 

 

I would also like to know what command is used to set a lifetime on phase2(IPsec) portion of the VPN.

 

Thank you

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎10-23-2019 01:20 AM - edited ‎10-23-2019 01:23 AM

Hi,

Use the command "show crypto ikev2 sa" or "show crypto ikev1 sa" depending on your IKE version in use to display the IKE SA algorithms in use for the active session.

 

The command "crypto map CRYPTO_MAP_NAME 1 set security-association lifetime seconds xxxxxx" to set IPSec SA lifetime.

 

HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents