The configured expiration policy exclusively applies to administrator logins. IPsec pre-shared keys are not subject to this policy and will remain valid indefinitely unless manually modified, thereby not affecting tunnel continuity.

This will take effect when the user tries to change the tunnels' pre-shared key; during that time, the password policy will take effect, and the user will have to match the conditions defined under the password policy.

The password policy is enforced only when a user attempts to update the pre-shared key for IPsec VPN tunnels. At that point, the system will require compliance with the defined policy parameters, such as minimum character length and ensuring the new password differs from the previous one.