02-08-2011 06:16 PM
Hi,
I'd like to know: when the SA expires and is renewed, will it cause the VPN to go down?
And how long a pre-shared key is supported?
Thank you in advance!
02-08-2011 07:01 PM
Prior to the SA expiry, a new SA will be negotiated and established; therefore, as soon as the old SA expires, there is already a new SA that will take its place automatically. So to answer your question, for SA rekey, the VPN tunnel will not go down.
The SA lifetime for phase 2 can be configured to a maximum of 214783647 seconds (by default it is 28800 seconds).
Hope that answers your question.
02-08-2011 07:11 PM
Thanks for your explanation. My tunnel always goes down for 1 min every 8 hours. I don't know why, and thought it's due to the SA expiring (hmm... have to relook into this).
Any idea what is the max. length for pre-shared key?
Thank you
02-08-2011 07:16 PM
Please make sure that the lifetime is the same on either end of the VPN peer.
The maximum length of pre-shared key is 128 characters:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/p.html#wp1920453
Hope that helps.