show crypto cisco key-timeout
After an encrypted communication session is established, it is valid for a
specific length of time. After this length of time, the session times out. A
new session must be negotiated, and a new DES (session) key must be
generated for encrypted communication to continue. Use this command to
change the time that an encrypted communication session will last before it
expires (times out):
Loser#show crypto cisco key-timeout
Session keys will be re-negotiated every 30 minutes
Use these commands to determine the length of time before the DES keys are
renegotiated
i would say if u wana overcome this problem in short time
make the tunnel again
-----Original Message-----
From: Luschinsky Slava [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 16, 2001 3:54 PM
To: Farhan Ahmed
Subject: RE: IPSec problem [7:12463]
I try to establish tunnel between two routers. I send you two logs from
every router. Second router first starts negotiation for new SA after
"clear cry sa" then after an hour it starts new key exchange and after that
first router begins to drop packets..
send me the output debug crypto engine
-----Original Message-----
From: Vyacheslav Luschinsky [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 16, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: IPSec problem [7:12463]
I have a very strange problem with IPSec, namely with ISAKMP. When it is
time for next key exchange between piers (one in an hour) it goes well
without any problem but all IPSec traffic is droped with messages like
CRYPTO_ENGINE: packets dropped: State = 0 conn_id=2000, pak=81749C44
when I do "clear crypto sa" it starts working till next rekeying. Why could
it happen?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12470&t=12463
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
