- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: Life time settings for phase1 and phase 2
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Life time settings for phase1 and phase 2
If I have 24 hours on phase 1 and 1 hour on phase 2 , if there is no activity for a while, will the tunnel still up for 24 hours?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The timers are based on when things are initially negotiated.
Phase 1 is for authenticating the endpoints, Phase 2 is for the actual tunnel.
Every hour (assuming there is activity), the Phase 2 tunnel is (re)negotiated.
Every 24 hours (if there is activity), Phase 1 is redone (which requires more CPU).
The one thing you need to make sure is these timers are the same on both ends, or you will have issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having problems with this between a VPN azure-checkpoint, could you tell me what is the maximum time that can be set.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For phase 1, maximum value is 70000 minutes, which is almost 49 days and for phase 2, its 86400 seconds, which is 24 hours. Now, keep in mind, even for permanent tunnel, does not always mean it will be up if no traffic. As a matter of fact, from my experience with AWS and Azure, thats usually not the case, unless you initiate traffic.
Cheers,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not necessarily, as a matter of fact, it usually wont be.