What is the difference between a Soft and Hard SA timeout ?
The are 2 main types of SA (Security Association) lifetimes ; soft and hard.
Soft lifetime - The soft lifetime defines the number of seconds until the IKE process is informed that the SA is about to expire. This is to provide enough time for the creation of a new SA before the hard lifetime is reached.
Hard lifetime - The hard lifetime defines the number of seconds until the SA expires.
Note : On a Cisco ASA the SA lifetime command (see below) configures the hard lifetime.
crypto map mymap 10 set security-association lifetime seconds 86400