Configuring the IPSec SA Lifetime

Just like the IKE tunnel, the IPSec tunnel is valid for a limited period called a lifetime. You can configure the IPSec lifetime as a period of time in seconds, and you can also configure it as the number of kilobytes (KB) of traffic for which the tunnel remains up. The command syntax to configure the IPSec SA lifetime is:

crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

The default IPSec SA lifetime is 3,600 seconds (one hour) and 4,608,000 KB (roughly the volume carried at 10 Mbps over one hour). When the SA reaches either of those maximum values, the IPSec tunnel expires.
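The following added example (not from the book) reads the global lifetime command out of a saved configuration, falls back to the defaults above when a limit is not set, and works out which limit expires the SA first at a steady traffic rate. The function names and the sample configuration are constructed, and it assumes 1 KB = 1,024 bytes and 1 Mbps = 1,000,000 bits per second.

```python
import re

# Defaults stated in the text: 3,600 seconds and 4,608,000 KB.
DEFAULTS = {"seconds": 3600, "kilobytes": 4608000}

# Matches only the global command shown above, one limit per line.
LIFETIME_RE = re.compile(
    r"^crypto ipsec security-association lifetime (seconds|kilobytes) (\d+)\s*$"
)

def effective_lifetime(config_text):
    """Return the global IPSec SA lifetime, using defaults for absent limits."""
    values = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LIFETIME_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values

def first_limit(values, mbps):
    """Return (limit name, seconds until expiry) at a steady rate in Mbps."""
    # Assumption: 1 Mbps = 10**6 bit/s and 1 KB = 1,024 bytes.
    kb_per_second = mbps * 1_000_000 / 8 / 1024
    seconds_to_volume = values["kilobytes"] / kb_per_second
    if seconds_to_volume < values["seconds"]:
        return "kilobytes", seconds_to_volume
    return "seconds", float(values["seconds"])

def audit(config_text):
    """List limits configured above the defaults (more traffic per key)."""
    values = effective_lifetime(config_text)
    return [k for k in ("seconds", "kilobytes") if values[k] > DEFAULTS[k]]

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
hostname r1
crypto ipsec security-association lifetime seconds 86400
"""

if __name__ == "__main__":
    print(effective_lifetime(SAMPLE))
    print(audit(SAMPLE))
    print(first_limit(DEFAULTS, 100))
```

At 100 Mbps with the default values, the kilobyte limit is reached after about 377 seconds, well before the one-hour timer.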

Before the IPSec is torn down, a new tunnel is renegotiated ...
