[vpn-help] Checkpoint Edge 8.0.36x 15 min VPN timeout issue

Matthew Grooms mgrooms at shrew.net
Tue Apr 20 01:10:47 CDT 2010


On 4/9/2010 12:16 PM, Chris Martin wrote:
> I did some more testing and these are the results I am getting:
>
...
>
> So the issue seems to have something to do with a timing issue in the
> renegotiation of the IKE connection and DHCP renew?
>
> According to Checkpoint docs the VPN client is supposed to renegotiate
> every 24 min and the DHCP lease should be renewed at this time also.
>
> If we can figure out this issue we are more than willing to donate to
> the development… Client works great during time of good connectivity…
> but losing the connection 15 min in and then having to either reconnect
> or wait 33 min for the connection to reconnect properly is a complete
> show stopper..
>
> If this can get fixed I have 100 of users and a few support groups
> looking for a solution to the dreaded Checkpoint lack of support for 64
> bit systems and the embedded VPN in the edge devices.
>

What do you have your phase2 lifetime set to? What does the IKE debug 
log output look like when the phase2 SA is negotiated? Does the gateway 
send a notice that the SA lifetime should be shorter? What happens if 
you manually set the phase2 lifetime to 900 seconds?

-Matthew


