VPN: Site to Site and Remote Access Recommandation for SA and IKE lifetime

UTM Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 1 subscriber
Views 917 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Recommandation for SA and IKE lifetime

MaraDE over 17 years ago

Hello,
Does anyone has a good recommandation for the SA and IKE lifetime? Is there a security issue if the values are to high?

This thread was automatically locked due to age.

Parents

0 NimmdirKeks over 17 years ago

Client around 30 minutes.
Site2Site around 60 minutes.

Because thats also the timeout, if for some reason the tunnel only dies on one side.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 NimmdirKeks over 17 years ago

Client around 30 minutes.
Site2Site around 60 minutes.

Because thats also the timeout, if for some reason the tunnel only dies on one side.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 MaraDE over 17 years ago in reply to NimmdirKeks

So, if the timeout period is too long, and the tunnel dies on one side the other side will reestablish the tunnel not until after the period is over? Dead peer detection would than be a work-around for that?

The problem is, that sometimes it takes too long to negotiate the keys and there ist no connection between the endpoints. If I now raise the period, the problems would decrease.
Cancel
Vote Up 0 Vote Down

Cancel