Controller Based WLANs

What is IKE and IPSEC rekey interval, and is it configurable?

You can get the lifetime for both isakmp & ipsec from the following two commands,
 
8 hours for IKE, 2 hours for IPSEC. These values are hardcoded into the controller, and are not configurable.
 
(RAP-Local) #show crypto isakmp sa peer   76.103.139.111
 
 Initiator IP: 76.103.139.111
Responder IP: 10.1.1.241
Initiator: No
Initiator cookie:acb7b8a76a914114 Responder cookie:b2bb5e899fcef63b
SA Creation Date: Tue Oct  8 08:26:30 2013
Life secs: 28800            ===>8 hours
Initiator Phase1 ID: ipv4/10.0.0.2
Responder Phase1 ID: ipv4/10.1.1.241
Exchange Type: Main mode
Phase1 Transform: EncAlg:AES HashAlg:SHA DHGroup:#2(1024 bit)
Authentication method: XAuth with Pre-Shared Key
XAuth IP 10.240.14.157, Phase 2 passed
IPSEC SA Rekey Number: 4
Aruba AP
Reference count: 2
 
 
(RAP-Local) #show crypto ipsec sa peer  76.103.139.111
 
 Initiator IP: 76.103.139.111
Responder IP: 10.1.1.241
Initiator: No
Initiator cookie:acb7b8a76a914114 Responder cookie:b2bb5e899fcef63b
SA Creation Date: Tue Oct  8 11:32:37 2013
Life secs: 7200          ======>2hours
Initiator Phase2 ID: 10.240.14.157/255.255.255.255
Responder Phase2 ID: 0.0.0.0/0.0.0.0
Phase2 Transform: EncAlg:esp-aes256 HMAC:esp-sha-hmac
Encapsulation Mode:UDP-encapsulated Tunnel
 PFS: No
OUT SPI 5ffda300, IN SPI 6eb9b600
Inner IP 10.240.14.157, internal type C
Aruba AP
Reference count: 3

Version History
Revision #:
1 of 1
Last update:
‎06-26-2014 10:27 AM
Updated by:
 
Labels (1)
Contributors
Comments
justink84
Arunkumar, Thanks for this post, I was aware about looking at the SA for isakmp / ipsec although I was starting to feel that the lifetime was hardcoded as well. I had attempted to create a new crytomap with the transform-set default-rap-transform although I was not able to increase the keylife of the crypto tunnel.
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.