Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 915 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommandation for SA and IKE lifetime

MaraDE
Hello,
Does anyone has a good recommandation for the SA and IKE lifetime? Is there a security issue if the values are to high?


This thread was automatically locked due to age.
  • 0
    Client around 30 minutes.
    Site2Site around 60 minutes. 

    Because thats also the timeout, if for some reason the tunnel only dies on one side.
  • 0 in reply to NimmdirKeks
    So, if the timeout period is too long, and the tunnel dies on one side the other side will reestablish the tunnel not until after the period is over? Dead peer detection would than be a work-around for that?

    The problem is, that sometimes it takes too long to negotiate the keys and there ist no connection between the endpoints. If I now raise the period, the problems would decrease.
Cookie Information Banner