Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2864
Views
5
Helpful
1
Replies

ASA - Disable Phase 2 traffic volume rekey

Patrick0711
Level 3
Level 3

‎12-21-2009 05:37 PM

I'm troubleshooting some issues with a typical L2L VPN using IKE Main Mode w/pre-shared key auth.  I'm using an ASA 5550 w 7.2(3) code.

I'm trying to find a way to disable the phase 2 security association lifetime kilobytes (traffic volume) rekey value.  I know that the ASA will not use this value if it is acting as the responder and the initating device does not include the 'Life Type: Kilobytes' in the Security Association payload, but I'm tyring to find a way to disable this if the ASA is the initiator of the tunnel.

Anyone have any ideas?

As far as I know, this cannot be disabled..

Labels:
0 Helpful
1 Reply 1

busterswt
Level 1
Level 1

‎12-21-2009 07:38 PM

Hey Patrick,

I don't think you can completely disable it, but you can sure set it really high on a per-tunnel basis:

cisco(config)# crypto map rackmap 200 set security-association lifetime kilobytes ?

configure mode commands/options:

  <10-2147483647>  Security association duration in kilobytes (max 2,048 Gigabytes)

Keep it real bro!
James
Customers Also Viewed These Support Documents