Showing results for 
Search instead for 
Did you mean: 

How to increase the SA life time

Not applicable

How to increase the SA life time


Currently my company do have IPsec site-to-site route based VPN connections using OSPF routing protocol between our two data centers. The VPN seems working fine. But every one hour [3600seconds] there is renegotitation pf IPSEC phase I and II SA  which thereby result in connection timeout till the renegotitation wind up. The thing is we do have mission critical applications which needs 100% up time. I have tried with the help of Juniper TAC engineers to set the SA  renegotiation to happen once in 24 days but there is no change . Still there is renegotiation. Is there someone who can help on this matter. Comments are highly appreciated.

Dawit A.Kebede [CCIE-written, CCNP, CCNA, HCNE, MCSE, SCSA]

Dawit A. Kebede [CCIE-written, CCNP, CCNA, MCSE, SCSA, HCNE]
Senior Network Engineer