Could someone help me understand Difference between soft lifetime and hard life time in IPSEC VPN
The time interval after which a router/firewall creates a new IPSEC SA (identified by its SPI value) before the existing IPSEC SA one is expires is called IPSEC Soft Lifetime
The time interval after which an existing IPSEC SA (currently being used for encryption and decryption) expires is called IPSEC Hard Lifetime
Soft Lifetime is always less than the Hard Lifetime.
Eg: If the IPSEC SA lifetime is 3600 secs/1 hour then this is called IPSEC Hard Life time.
The IPSEC Soft Lifetime would be 80% of 3600sec/1hr, that is 2880 secs
The exact value depends upon vendor implementation.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!