fir3net
PPS-Firenetbanner-780.5x190-30-03-17
  • Home
  • Articles
  • Firewalls
  • Cisco
  • What is the difference between a Soft and Hard SA timeout ?

What is the difference between a Soft and Hard SA timeout ?

The are 2 main types of SA (Security Association) lifetimes ; soft and hard.

Soft lifetime - The soft lifetime defines the number of seconds until the IKE process is informed that the SA is about to expire. This is to provide enough time for the creation of a new SA before the hard lifetime is reached.

Hard lifetime - The hard lifetime defines the number of seconds until the SA expires.

Note : On a Cisco ASA the SA lifetime command (see below) configures the hard lifetime.

crypto map mymap 10 set security-association lifetime seconds 86400

Tags: Cisco, VPN, Firewall

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001