Friday, October 30, 2015

Cisco ASA: VPN Lifetime Count

Did you know that VPN tunnels renegotiate their security associations (SAs) after a certain amount of time?  Yep, it's true.  After the lifetime expires, the peers rekey and exchange their SA info again.  You can see the configured lifetime and the time remaining, both in seconds, when you do a show crypto isakmp sa detail on the Cisco ASA.

asa# sh cryp isa sa det
   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 4.4.4.164
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
    Encrypt : 3des            Hash    : SHA
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 42302
2   IKE Peer: 5.5.5.104
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
    Encrypt : aes             Hash    : SHA
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 28616
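
As an added example (not part of the original post), the Python below parses the output above and, given the time the command was run, works out how long each IKE SA has been up and when its lifetime expires. The names parse_ike_sas and rekey_schedule are made up for this example, and it assumes every SA entry carries both Lifetime and Lifetime Remaining, as in the output shown.

```python
import re
from datetime import datetime, timedelta

# Sample input: the two SA entries from the output above (header trimmed to one line).
SAMPLE = """\
Total IKE SA: 2
1   IKE Peer: 4.4.4.164
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
    Encrypt : 3des            Hash    : SHA
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 42302
2   IKE Peer: 5.5.5.104
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
    Encrypt : aes             Hash    : SHA
    Auth    : preshared       Lifetime: 86400
    Lifetime Remaining: 28616
"""

PEER_RE = re.compile(r"^\d+\s+IKE Peer:\s*(\S+)")
# "Key : value" pairs; two can share a line, and a key may contain a space.
FIELD_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\S+)")

def parse_ike_sas(text):
    """Return one dict of fields per IKE SA found in the command output."""
    sas = []
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            sas.append({"Peer": m.group(1)})
        elif sas:  # lines before the first peer are summary headers; skip them
            for key, value in FIELD_RE.findall(line):
                sas[-1][key] = value
    return sas

def rekey_schedule(sas, now):
    """Per peer: seconds elapsed, percent of lifetime used, and expiry time."""
    report = []
    for sa in sas:
        lifetime, remaining = int(sa["Lifetime"]), int(sa["Lifetime Remaining"])
        used = lifetime - remaining
        report.append({"peer": sa["Peer"], "elapsed": used,
                       "used_pct": round(100 * used / lifetime, 1),
                       "expires_at": now + timedelta(seconds=remaining)})
    return report

if __name__ == "__main__":
    for row in rekey_schedule(parse_ike_sas(SAMPLE), datetime.now()):
        print(row)
```

Comparing expires_at against the timestamps of tunnel drops in your logs is a quick way to tell a rekey problem from an unrelated outage.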
