Link to home
Create AccountLog in
Avatar of mac326a
mac326a

asked on

Will changing SA lifetime of VPN tunnel affect other tunnels terminated on my PIX 515e?

Will changing SA lifetime of VPN tunnel affect other tunnels terminated on my PIX 515e?

Some 3rd party is having issues with their VPN tunnels to our PIX.  Their cisco router does not clear old SA's after the PIX has decided upon new ones after the lifetime has expired.  Anyhow, they suggest that lowering the SA on our PIX will 'improve' the situation.

Anyhow, the PIx has other VPN tunnels from other 3rd parties on it.  My question is, will changing the the lifetime of one SA have an effect on the other SA's or vpn tunnels.  I dont fully understand the negotiation process of an SA, but I know it goes down the list of SA's until it finds one acceptable to both hosts.  Since I have 5 separate SA's with priorities 10, 20, - 50, how will changing the SA affect the others?

Will I lose connectivity to the others?

I can post code snippets if required, and I do not know what the router is at the 3rd party site.

Incidentally, they have one site which is PIX.  This works fine.  Also one site with a concetrator, this also works - just not fine with the router.

thanks in advance.
ASKER CERTIFIED SOLUTION
Avatar of batry_boy
batry_boy
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account