Solved: Thank you Jagmeet, but, the

Larry Gelencser · ‎01-28-2016

Hello,

I setup a lan-to-lan vpn between a vendors ASA and mine and it's working, but, the Phase 2 IPsec key time on my side is set at 28800 seconds and the vendors is at 86400. Is there a way to edit my connections profile to match there's? I honestly don't know if this mismatch will cause any issues but figured I'd ask.

Thank you

carlguer · ‎01-28-2016

Hi Larry,

You should be on cofig mode to be able to input the command.

ciscoasa(config)# crypto map Outside_map 2 set security-association lifetime seconds 86400

View solution in original post

jagmeesi · ‎01-28-2016

HI Larry

You can put the following statement to the Crypto map sequence of the intended peer.

crypto map <map_name> <sequence> set security-association lifetime seconds 86400

Though its not a mismatch, they are gonna negotiate on the lower value.

Regards

Jagmeet

Larry Gelencser · ‎01-28-2016

Thank you Jagmeet, but, the command is not working.

ciscoasa# crypto map Outside_map 2 set security-association lifetime seconds 86400

crypto map Outside_map 2 set security-association lifetime seconds 86400

^

ERROR: % Invalid input detected at '^' marker.

carlguer · ‎01-28-2016

Hi Larry,

You should be on cofig mode to be able to input the command.

ciscoasa(config)# crypto map Outside_map 2 set security-association lifetime seconds 86400

Larry Gelencser · ‎01-28-2016

Thank You! I'm such a noob and didn't know I had to be in config mode...

Edit Rekey time Interval