Hi All,

What exactly happens when the lifetime expires? I know a bit that the shared
secret key is changed...

I set the lifetime in isakmp to 60 secs. After 60 secs I don't see the tunnel
state as QM_IDLE in the command below,

but I still see pkts being encrypted and decrypted. Not sure if
this is a bug or this is the way it should work... In order to bring the
tunnel up, every time I have to use "clear crypto session".

-----------------------------------------------------------------------------------------------------------------------------------------------------

R1#sh crypto isakmp sa
dst src state conn-id slot status

R1#sh crypto sess de
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-NO-IKE
Peer: 10.0.23.3 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 10.0.23.3
Desc: (none)
IPSEC FLOW: permit ip host 1.1.1.1 host 3.3.3.3
Active SAs: 4, origin: crypto map
Inbound: #pkts dec'ed 14 drop 0 life (KB/Sec) 4471973/3025
Outbound: #pkts enc'ed 14 drop 1 life (KB/Sec) 4471973/3025

R1#sh crypto isakmp sa
dst src state conn-id slot status

R1#sh crypto sess de
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-NO-IKE
Peer: 10.0.23.3 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 10.0.23.3
Desc: (none)
IPSEC FLOW: permit ip host 1.1.1.1 host 3.3.3.3
Active SAs: 4, origin: crypto map
Inbound: #pkts dec'ed 19 drop 0 life (KB/Sec) 4471972/3014
Outbound: #pkts enc'ed 19 drop 1 life (KB/Sec) 4471972/3014

R1#

Thanks & regards,
--
Taqdir Singh
/Networks / 09911709496