[vpn-help] Phase 2 lifetime size larger than 1000000

Gert Van Gool gertvangool at gmail.com
Tue Jan 4 02:35:00 CST 2011


The timeout is 3600 seconds, but the max lifesize is 4194303 Kbytes.

-- Gert

Mobile: +32 498725202
Twitter: @gvangool
Web: http://gert.selentic.net



On Tue, Jan 4, 2011 at 09:26, Matthew Grooms <mgrooms at shrew.net> wrote:
> On 1/3/2011 3:32 AM, Gert Van Gool wrote:
>>
>> Hi all,
>>
>> I'm having trouble with my configuration of a VPN.
>> This VPN is currently configured on a Juniper SSG5. But we need/want
>> to move it to a different server.
>> However we can't change anything but the connecting IP on this
>> configuration.
>>
>> I can fill in everything apart from the P2 lifetime size, this should
>> be 4194303 but max size is 1000000.
>> Is there a way to circumvent it (directly editing configuration file)?
>>
>
> You do realize that using a phase2 timeout of 1000000 will allow SAs to
> exist for over 11 days? A typical IPsec SA only lives for an hour or so.
> Even a typical ISAKMP SA only lives for 8 to 24 hours. In any case, I
> suppose you could manually edit the phase2-life-secs value in the registry
> or a file depending on the platform you use. On Windows, the value is stored
> under ...
>
> HKEY_CURRENT_USER\Software\ShrewSoft\vpn\site\[site name]
>
> ... and on Linux/BSD/OSX it's stored in the file ...
>
> ~/.ike/sites/[site name]
>
> -Matthew
>


