Hi Yusef

Lifetime is the time after which the tunnel will be torn out. With IPSec VPN, you have two tunnels - ISAKMP and IPSec and hence there are lifetimes for phase 1 and 2.

For both phases the default global lifetime will be used, if you don't configure it. You can configure lifetime in Kilobytes (data transferred) and seconds for IPSec. Whichever reaches first is considered and the tunnel is torn out. Lifetime in seconds only can be configured for ISAKMP.

https://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_c2g.html#wp1070980

With regards
Kings

On Mon, Jul 12, 2010 at 12:24 PM, yusef sheriff <[email protected]> wrote:
> Dear All,
>
> Can anyone explain the lifetime values configured on Phase 1 and Phase 2?
> Is it really required to configure both values? What happens if the lifetime
> is reached? What is the use of configuring lifetime in kilobytes?
>
> Can anyone give the explanation for the below commands mentioned in bold?
>
> crypto isakmp policy 10
> authentication pre-share
> encryption 3des
> hash sha
> group 2
> *lifetime 86400*
>
> crypto ipsec transform-set VPN esp-3des esp-sha-hmac
> *crypto ipsec security-association lifetime seconds 28800*
> *crypto ipsec security-association lifetime kilobytes 4608000*
> ------------> Lifetime is specific to IPSec transform set
> crypto map MYMAP_map 1 match address VPN_Access
> crypto map MYMAP1 set peer 172.16.4.10
> crypto map MYMAP 1 set transform-set VPN
> *crypto map MYMAP 1 set security-association lifetime seconds 28800*
> *crypto map MYMAP 1 set security-association lifetime kilobytes 4608000*
> -----------> Lifetime is specific to crypto map sequence no 1
>
> --
> Thanks & Regards,
>
> Yusef Sherif
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
