Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1169
Views
0
Helpful
3
Replies

ISAKMP lifetime

Go to solution
Mickael.S
Level 1
Level 1

‎01-28-2022 02:16 AM - edited ‎01-28-2022 02:20 AM

Hello all,

I am creating a script to simulate the traffic in my isakmp. For this, I am looking for the lifetime of the isakmp tunnel so that I can align myself correctly with it to keep it active and avoid it deactivating after a while.

Where can I find its lifetime? I tried the command ''show crypto isakmp policy'' but I don't know if this is the right place.

 

Thanks in advance for your answer

Mickaël.

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎01-28-2022 02:49 AM

"show crypto isakmp policy" is the right place to see your configured lifetime. But it is negotiated with the peer so it could be lower. With "show crypto isakmp sa detail" you can see the remaining lifetime and in the debug you see what got negotiated.

With IKEv2 it's getting a little more complex as both peers can have individual lifetimes.

If you want to keep the tunnel up, just trigger your traffic frequently.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎01-28-2022 02:49 AM

"show crypto isakmp policy" is the right place to see your configured lifetime. But it is negotiated with the peer so it could be lower. With "show crypto isakmp sa detail" you can see the remaining lifetime and in the debug you see what got negotiated.

With IKEv2 it's getting a little more complex as both peers can have individual lifetimes.

If you want to keep the tunnel up, just trigger your traffic frequently.

0 Helpful

Go to solution
Mickael.S
Level 1
Level 1
In response to Karsten Iwen

‎01-28-2022 05:01 AM

Hello,

I appreciate you answering me,

Okay, I see.
Thank you for your reply.

 

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP

‎01-28-2022 02:02 PM

Just to add on this what Karsten said. if you running isakmp version 1 in this case lower lifetime vaule will have a priority between two peers. let say site A router isakmp lifetime set as 8600 and site B router isakmp lifetime is 2200. in this case the lower value have priority and SiteA router will adjust itself to SiteB. either if Site A is the vpn-tunnel initatior or responder.

 

if running the isakmp version 2 in that case lifetime does not matter.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents