Wednesday, May 5, 2021

Cisco Router IPsec Phase 1 and Phase 2 Rekeying?

Hi, we have a tunnel with an IPsec profile and I would like to ask whether the router does rekeying by default. If yes, what port is used, is it UDP 500/4500? And how can we validate whether rekeying is enabled?

From my verification, I am not able to see any rekey on the crypto session and ISAKMP SA. Thanks

Sample config:

int tunnel 19
 tunnel protection ipsec profile TEST_PRO shared
!
crypto isakmp profile TEST_IP
 ca trust-point TRUST_AE
 match identity host domain test.com
!
crypto ipsec transform-set TRANS_TEST esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile TEST_PRO
 set transform-set TRANS_TEST
 set isakmp-profile TEST_IP

show crypto isakmp sa

8872 122.1.1.1 89.31.25.94 INTERN ACTIVE aes sha rsig 5 23:59:32 D
 Engine-id:Conn-id = SW:2872
8878 122.1.1.1 85.207.75.50 INTERN ACTIVE aes sha rsig 5 0 D
 Engine-id:Conn-id = ??? (deleted)
8866 122.1.1.1 85.207.75.50 INTERN ACTIVE aes sha rsig 5 0 D
 Engine-id:Conn-id = ??? (deleted)
8874 122.1.1.1 52.122.1.1 INTERN ACTIVE aes sha rsig 5 23:59:44 DN
 Engine-id:Conn-id = SW:2874
8859 122.1.1.1 52.122.1.1 INTERN ACTIVE aes sha rsig 5 0 DN
 Engine-id:Conn-id = ??? (deleted)
8847 122.1.1.1 52.122.1.1 INTERN ACTIVE aes sha rsig 5 0 DN
 Engine-id:Conn-id = ??? (deleted)

Interface: xxx0/0/0
Session status: UP-IDLE
Peer: 122.1.1.1 port 500
 Session ID: 0
 IKEv1 SA: local 122.1.1.1/500 remote 52.122.1.1/500 Active
 Session ID: 0
 IKEv1 SA: local 122.1.1.1/500 remote 52.122.1.1/500 Inactive
 Session ID: 0
 IKEv1 SA: local 122.1.1.1/500 remote 52.122.1.1/500 Inactive
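As an added example (not part of the original post), a small Python parser for the `show crypto isakmp sa` rows above that groups SAs per peer and separates the live SA (lifetime still counting down) from the retired ones whose Conn-id line reads `(deleted)`; a peer showing one live SA next to retired ones is the trace a completed IKE rekey leaves behind. The sample block is constructed from the values in the post, and the column order is assumed to match the `show crypto isakmp sa detail` layout.

```python
from collections import defaultdict

# Constructed sample laid out as `show crypto isakmp sa detail` prints it
# (an SA row, then its Engine-id:Conn-id line); values copied from the post.
SAMPLE = """\
8872  122.1.1.1  89.31.25.94   INTERN ACTIVE aes sha rsig 5 23:59:32 D
      Engine-id:Conn-id = SW:2872
8878  122.1.1.1  85.207.75.50  INTERN ACTIVE aes sha rsig 5 0        D
      Engine-id:Conn-id = ??? (deleted)
8866  122.1.1.1  85.207.75.50  INTERN ACTIVE aes sha rsig 5 0        D
      Engine-id:Conn-id = ??? (deleted)
8874  122.1.1.1  52.122.1.1    INTERN ACTIVE aes sha rsig 5 23:59:44 DN
      Engine-id:Conn-id = SW:2874
8859  122.1.1.1  52.122.1.1    INTERN ACTIVE aes sha rsig 5 0        DN
      Engine-id:Conn-id = ??? (deleted)
8847  122.1.1.1  52.122.1.1    INTERN ACTIVE aes sha rsig 5 0        DN
      Engine-id:Conn-id = ??? (deleted)
"""
COLS = ("cid", "local", "remote", "vrf", "status", "encr", "hash", "auth", "dh", "lifetime", "cap")

def lifetime_seconds(field):
    """'23:59:32' -> 86372; a bare '0' means the SA has no lifetime left."""
    if field == "0":
        return 0
    h, m, s = (int(x) for x in field.split(":"))
    return h * 3600 + m * 60 + s

def parse_isakmp_sa(text):
    """One dict per SA; 'deleted' is True when the Conn-id line below it says (deleted)."""
    lines, sas = text.splitlines(), []
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) != len(COLS) or not parts[0].isdigit():
            continue  # header line, Conn-id line, or anything else
        sa = dict(zip(COLS, parts))
        sa["remaining"] = lifetime_seconds(sa["lifetime"])
        sa["deleted"] = "(deleted)" in (lines[i + 1] if i + 1 < len(lines) else "")
        sas.append(sa)
    return sas

def rekey_summary(sas):
    """Per peer: live SAs (lifetime left, not deleted) vs retired SAs left behind by a rekey."""
    out = defaultdict(lambda: {"live": 0, "retired": 0, "remaining": 0})
    for sa in sas:
        p = out[sa["remote"]]
        if sa["deleted"] or sa["remaining"] == 0:
            p["retired"] += 1
        else:
            p["live"] += 1
            p["remaining"] = max(p["remaining"], sa["remaining"])
    return dict(out)
```

On the sample, 52.122.1.1 shows one live SA plus two retired ones (a rekey has already happened), while 85.207.75.50 has only retired SAs and therefore no usable IKE SA at the moment of the capture.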

