Wednesday 13 July 2022

Check when a S2S VPN was established

show vpn-sessiondb l2l filter ipaddress x.x.x.x

Connection   : x.x.x.x
Index        : 69987                  IP Addr      : x.x.x.x
Protocol     : IKEv1 IPsec
Encryption   : IKEv1: (1)AES256  IPsec: (2)AES256
Hashing      : IKEv1: (1)SHA1  IPsec: (2)SHA1
Bytes Tx     : 6629603                Bytes Rx     : 9801553
Login Time   : 07:20:46 UTC Wed Jul 13 2022
Duration     : 4h:12m:59s
Tunnel Zone  : 0


Two useful items we can see here are the Login Time (the time of the last rekey) and the Duration, which is how long the VPN has been up since then.


You can also check:
sh crypto isakmp sa detail | b x.x.x.x

IKE Peer: x.x.x.x
Type    : L2L             Role    : initiator
Rekey   : no              State   : MM_ACTIVE
Encrypt : aes-256         Hash    : SHA
Auth    : preshared       Lifetime: 86400
Lifetime Remaining: 70716

Here you can see the lifetime and the lifetime remaining. You can use these values to work out when the next rekey should be.

86400 / 60 / 60 = 24 (hours)

70716 / 60 / 60 = 19.6 (hours)

That matches up with the 4 hour duration, so everything looks good there. If you keep checking in on it, or are able to monitor the VPN, you might spot that it is rekeying randomly, and that needs to be investigated.
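The same check as a script, added here as an example and not part of the original post: it parses the fields from the two outputs, works out how much of the IKE lifetime has elapsed, and compares that with the session Duration. The function names, the 15-minute tolerance, and the assumption that both commands were run at about the same time are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input: the relevant fields from the two outputs above.
SESSIONDB = """\
Login Time   : 07:20:46 UTC Wed Jul 13 2022
Duration     : 4h:12m:59s
"""
ISAKMP = """\
Auth    : preshared       Lifetime: 86400
Lifetime Remaining: 70716
"""

def field(text, name):
    """Value after 'name :' up to a run of two or more spaces or end of line."""
    m = re.search(rf"\b{re.escape(name)}\s*:\s*(.+?)(?:\s{{2,}}|$)", text, re.M)
    if m is None:
        raise ValueError(f"field {name!r} not found")
    return m.group(1)

def parse_duration(value):
    """'4h:12m:59s' -> timedelta; a leading 'Nd ' for days is an assumed format."""
    m = re.fullmatch(r"(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s", value)
    if m is None:
        raise ValueError(f"unrecognised duration {value!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def rekey_report(sessiondb, isakmp, tolerance=timedelta(minutes=15)):
    login = datetime.strptime(field(sessiondb, "Login Time"),
                              "%H:%M:%S UTC %a %b %d %Y").replace(tzinfo=timezone.utc)
    duration = parse_duration(field(sessiondb, "Duration"))
    lifetime = int(field(isakmp, "Lifetime"))
    remaining = int(field(isakmp, "Lifetime Remaining"))
    elapsed = timedelta(seconds=lifetime - remaining)  # time since the IKE SA came up
    captured = login + duration  # when the session output was taken (assumed for both)
    return {
        "ike_elapsed": elapsed,
        "lifetime_expires": captured + timedelta(seconds=remaining),
        # Tolerance (assumed) absorbs the gap between running the two commands.
        "consistent": abs(elapsed - duration) <= tolerance,
    }

if __name__ == "__main__":
    for key, value in rekey_report(SESSIONDB, ISAKMP).items():
        print(f"{key}: {value}")
```

A "consistent" value of False means the session Duration and the elapsed IKE lifetime disagree by more than the tolerance, which is the cue to look at whether the tunnel is rekeying off schedule.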
