What is the difference between a Soft and Hard SA timeout ?

The are 2 main types of SA (Security Association) lifetimes ; soft and hard.

Soft lifetime – The soft lifetime defines the number of seconds until the IKE process is informed that the SA is about to expire. This is to provide enough time for the creation of a new SA before the hard lifetime is reached.

Hard lifetime – The hard lifetime defines the number of seconds until the SA expires.

Note : On a Cisco ASA the SA lifetime command (see below) configures the hard lifetime.

crypto map mymap 10 set security-association lifetime seconds 86400
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial