ike phase 1 lifetime, asa with netscreen

Discussion in 'Cisco' started by Bart, Jun 9, 2009.

  1. Bart

    Bart Guest

    Hi all

    Ipsec, L2L, in configuration I set 8h, on both side


    IKE Peer: x.y.z.w
    Type : L2L Role : initiator
    Rekey : no State : MM_ACTIVE
    Encrypt : 3des Hash : SHA
    Auth : preshared Lifetime: 28800
    Lifetime Remaining: 24897


    but in logs, keys are changing in every 6 hours:


    Jun 6 11:17:46 masterasa Jun 06 2009 11:17:46: %ASA-4-713903: Group =
    x.y.z.w, IP = x.y.z.w Freeing previously allocated memory for
    authorization-dn-attributes

    Jun 6 17:17:46 masterasa Jun 06 2009 17:17:46: %ASA-4-713903: Group =
    x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for
    authorization-dn-attributes

    Jun 6 23:17:46 masterasa Jun 06 2009 23:17:46: %ASA-4-713903: Group =
    x.y.z.w, IP = x.y.z.w , Freeing previously allocated memory for
    authorization-dn-attributes

    Jun 7 05:17:47 masterasa Jun 07 2009 05:17:47: %ASA-4-713903: Group =
    x.y.z.w, IP = x.y.z.w, Freeing previously allocated memory for
    authorization-dn-attributes

    Someone knows what's reason of that ?

    thanks
    Bart
     
    Bart, Jun 9, 2009
    #1
    1. Advertisements

  2. Bart

    bod43 Guest

    I am not an IPSEC expert however I understand that new keys are
    generated
    before the old ones expire so that valid keys are always available.

    Perhaps this is what you are observing?

    Maybe I am too far towards the pragmatic side however I would not be
    concerned
    by this unless other symptoms were present:)
     
    bod43, Jun 11, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.