>
    Change the Key Lifetime or Authentication Interval for IKEv2
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. VPNs
    4. Set Up Site-to-Site VPN
    5. Set Up an IKE Gateway
    6. Change the Key Lifetime or Authentication Interval for IKEv2
    Download PDF

    Change the Key Lifetime or Authentication Interval for IKEv2

    Table of Contents
    End-of-Life (EoL)

    Change the Key Lifetime or Authentication Interval for IKEv2

    This task is optional; the default setting of the IKEv2 IKE SA re-key lifetime is 8 hours. The default setting of the IKEv2 Authentication Multiple is 0, meaning the re-authentication feature is disabled. For more information, see SA Key Lifetime and Re-Authentication Interval.
    To change the default values, perform the following task. A prerequisite is that an IKE crypto profile already exists.
    1. Change the SA key lifetime or authentication interval for an IKE Crypto profile.
      1. Select NetworkNetwork ProfilesIKE Crypto and select the IKE Crypto profile that applies to the local gateway.
      2. For the Key Lifetime, select a unit (Seconds, Minutes, Hours, or Days) and enter a value. The minimum is three minutes.
      3. For IKE Authentication Multiple, enter a value, which is multiplied by the lifetime to determine the re-authentication interval.
    2. Commit your changes.
      Click OK and Commit.

    © 2024 Palo Alto Networks, Inc. All rights reserved.