Hi,

I am really confused. The Key Server is configured to rekey every 12 hours (43200 Seconds). This is the part of configuraiton :

crypto ipsec profile gdoi-profile-getvpn
set security-association lifetime seconds 43200
set transform-set mygdoi-trans

However, after almost 24 hours, we notice that rekeying is hapenning every 2 hours :

GETVPN-KS1#show crypto gdoi ks members

Group Member Information :

Number of rekeys sent for group getvpn : 404

Group Member ID   : 10.0.50.25
Group ID          : 1234
Group Name        : getvpn
Key Server ID     : 10.0.50.27
Rekeys sent       : 12
Rekeys retries    : 0
Rekey Acks Rcvd   : 12
Rekey Acks missed : 0

Sent seq num :    11    12    13    0
Rcvd seq num :    11    12    13    0

and this is capture of the GM log:

*Apr  5 08:40:43: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 2
*Apr  5 10:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 3
*Apr  5 12:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 4
*Apr  5 14:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 5
*Apr  5 16:40:42: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 6
*Apr  5 18:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 7
*Apr  5 20:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 8
*Apr  5 22:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 9
*Apr  6 00:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 10
*Apr  6 02:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 11
*Apr  6 04:24:16: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 12
*Apr  6 05:10:51: %GDOI-5-GM_RECV_REKEY: Received Rekey for group getvpn from 10.0.50.27 to 10.0.50.25 with seq # 13

It doesn't make sence. Why ??