Did you know that VPNs resend their information after a certain amount of time? Yep, its true. After the lifetime expires, they resend their SA info. You can see the remaining times when you do a show crypto isakmp sa detail on the Cisco ASA.
asa# sh cryp isa sa det
Active SA: 2
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2
1 IKE Peer: 4.4.4.164
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : 3des Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 42302
2 IKE Peer: 5.5.5.104
Type : user Role : responder
Rekey : no State : AM_ACTIVE
Encrypt : aes Hash : SHA
Auth : preshared Lifetime: 86400
Lifetime Remaining: 28616
No comments:
Post a Comment
Your comment will be reviewed for approval. Thank you for submitting your comments.