From: David Hiers (David_Hiers@adp.com)
Date: Fri Jan 23 2004 - 11:56:37 GMT-3
I believe that "set security-association" is a per-crypto-map override of the global "lifetime" command.
>From the doc cd:
"To override (for a particular crypto map entry) the global lifetime value, which is used when negotiating IP Security security associations, use the set security-association lifetime command in crypto map configuration mode."
David
********************************************
David Hiers
CCIE, CISSP
ADP Dealer Services
2525 SW First Avenue
Portland, OR 97201
v: 503 402 3703
email: david_hiers@adp.com
********************************************
-----Original Message-----
From: Ellie Chou [mailto:ellie_chou@hotmail.com]
Sent: Thursday, January 22, 2004 8:45 PM
To: ccielab@groupstudy.com
Subject: IPsec-what's the difference between these two timer?
Hi, Can someone tell me what's the difference between the " set
security-association lifetime seconds 1800" under crypto map config and
the " lifetime 1800" under crypto isakmp policy config? thanks! I know
the the first one is the lifetime of a security association but not sure
what the 2nd is for and if they have any corelation. thanks Ellie
------------------------------------------------------------------------
Let the new MSN Premium Internet Software make the most of your
high-speed experience.
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:49 GMT-3