Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
519
Views
0
Helpful
4
Replies

Help! Weird lifetime vs. lifetime remaining on VPN tunnel...

Sal Robertson
Level 1
Level 1

‎02-04-2014 01:57 PM

I am getting a seriously bizarre set of results here...

8   IKE Peer: <peer IP>

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_WAIT_MSG5

    Encrypt : 3des            Hash    : SHA

    Auth    : preshared       Lifetime: 28800

    Lifetime Remaining: 2147480830

Any ideas?!

crypto isakmp policy 16

authentication pre-share

encryption 3des

hash md5

group 1

lifetime 86400


Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎02-04-2014 02:26 PM

Sal,

In this case the IKE exchange is not yet finished, (State   : MM_WAIT_MSG5) does that persist for established IKE sessions?

M.

0 Helpful

Sal Robertson
Level 1
Level 1
In response to Marcin Latosiewicz

‎02-04-2014 07:46 PM

It does not.

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Sal Robertson

‎02-05-2014 12:20 AM

Then it is most likely expected, it could be there to facilitate things like responder_lifetime messages etc.

One other note the IKE policy you've indicated is 3DES & MD5 while you can see that the negotiated one is 3DES & SHA.

0 Helpful

Sal Robertson
Level 1
Level 1
In response to Marcin Latosiewicz

‎02-05-2014 07:25 AM

That would be me referencing the wrong policy.

crypto isakmp policy 1

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

0 Helpful
Customers Also Viewed These Support Documents