How to monitor IPSec and to improve the connection?

I have a connection with a remote partner via IPsec it cisco ASA, and I don't really know what he's prescribed TIME values of type keepalive (and information not given)

So would like to know what theory means for monitoring IPsec(strongswan) on Linux?

And the same question
established 18938s ago, reauth in 66511s
installed 13182s ago, rekeying in 72176s expires in 73219s

How to make sure that these values always grew, and not be reset ( screenshot below)
59d594ed89270531279170.png
June 14th 19 at 19:59
1 answer
June 14th 19 at 20:01
Enable log in strongswan, during a first phase, Tami will be the timings of the exchange, and the second phase will have their own timings. But depending on who You have who clings and as a coordinated Union, the timings can get a minimum of two negotiated options. That is, they cannot increase, only decrease. Do they have enough large.
Yes, and how to identify someone who clings ?
I don't like that the values are zero, this is as it should be? - damion_King commented on June 14th 19 at 20:04
IPSec - not the easiest thing, I highly recommend to go to the Cisco website and read the educational materials in a nutshell here is not to explain.
Timers and should be zeroed out - there is a periodic changing of the key compounds that made no sense to break it. The key second phase is changing more - there is the approval procedure is simplified. The first key phase is changed less frequently - and the approval procedure is completely.
To define who to whom clings - on log. The initiator sends a packet first - Esta_Upton commented on June 14th 19 at 20:07

Find more questions by tags CiscoLinuxVPN