((Define the IPsec policy)) #crypto ipsec ikev2 ipsec-proposal MYCOMPANY-proposal-1 #protocol esp encryption aes-128 #protocol esp integrity sha-512 # ((do i simply add here the timeout for phase 2, and is this correct syntax-- "lifetime 28000"? If I am not understanding something here, may you please explain?))
I ask this because in the cisco ASA manual it does not mention the need (or ability) to specify a phase 2 timeout.
Secondly, the client asks that the transform set "esp-aes-128-sha-hmac" be used; however, the Cisco ASA manual only examples the above config ((Define the IPsec policy)) without "hmac".
May you please show the correct additional or new config snippet that will satisfy my client's request?