Configuring the IPSec SA Lifetime
Just like the IKE tunnel, the IPSec tunnel is valid for a particular time period called a lifetime. You can configure the IPSec lifetime for a specific period of time in seconds, but you can also configure the number of kilobytes (KB) for which the tunnel remains up. The command syntax to configure the IPSec SA lifetime is
crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
The default IPSec SA lifetime is 3,600 sec (one hour) and 4,608,000KB (10 Mbps). When it reaches either of those maximum values, the IPSec tunnel expires.
Before the IPSec is torn down, a new tunnel is renegotiated ... |