diff --git a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py
index 2c6342fb5e..28bb6e77be 100644
--- a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py
+++ b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py
@@ -11,6 +11,10 @@ import string
 import time
 import threading
 
+from oslo_log import log as logging
+
+LOG = logging.getLogger(__name__)
+
 
 class State(enum.Enum):
     STAGE_1 = 1
@@ -64,16 +68,17 @@ class State(enum.Enum):
 
 class Token(object):
     VERSION = int(1).to_bytes(1, 'little')
-    EXPIRY_TIME = 5000
+    EXPIRY_TIME = 7000
 
     def __init__(self):
         self.__nonce = secrets.token_bytes(16)  # 128-bit nonce
-        self.__start_time = int(time.time() * 1000)  # 64-bit utc time
+        self.__creation_time = int(time.time() * 1000)  # 64-bit utc time
         self.__content = bytearray(self.VERSION + self.__nonce
-                                   + self.__start_time.to_bytes(8, 'little'))
+                                   + self.__creation_time.to_bytes(8, 'little'))
         self.__used = False
         self.__expired = False
-        self.__timer = self.__set_timer()
+        self.__start_time = 0
+        self.__timer = None
 
         random.shuffle(self.__content)
 
@@ -88,18 +93,32 @@ class Token(object):
 
     def __expire_token(self):
         self.__expired = True
-        self.__timer.cancel()
+        if self.__timer and self.__timer.is_alive():
+            self.__timer.cancel()
+            LOG.info("OTS Token set as expired")
+        else:
+            LOG.info("OTS Token expired")
+        return None
+
+    def activate(self):
+        '''Activate OTS Token timer.'''
+        self.__start_time = int(time.time() * 1000)
+        self.__timer = self.__set_timer()
+        LOG.info("OTS Token activated")
         return None
 
     def purge(self):
         '''Purge the token.'''
         self.__used = True
-        self.__expired = True
         self.__content = bytearray()
+        self.__expire_token()
+        LOG.info("OTS Token purged")
+        return None
 
     def set_as_used(self):
         '''Set token as used.'''
         self.__used = True
+        LOG.info("OTS Token set as used")
         return None
 
     def get_content(self):
@@ -111,7 +130,7 @@ class Token(object):
         time and its usage flag.'''
         period = int(time.time() * 1000) - self.__start_time
         if period >= self.EXPIRY_TIME and not self.__expired:
-            self.__expired = True
+            self.__expire_token()
 
         return not (self.__expired or self.__used)
 
diff --git a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py
index 3d50a183c1..bda8020813 100644
--- a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py
+++ b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py
@@ -114,9 +114,13 @@ class IPsecConnection(object):
                 # A readable client socket has data
                 LOG.debug("Received {!r}".format(data))
                 self.state = State.get_next_state(self.state)
+
                 LOG.debug("Preparing payload")
                 msg = self._handle_write(data)
                 sock.sendall(msg)
+
+                if self.state == State.STAGE_2:
+                    self.ots_token.activate()
                 self.state = State.get_next_state(self.state)
             elif self.state == State.STAGE_5 or not data:
                 self.ots_token.purge()