Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Brianpiraty_Ale
Contributor

Life time settings for phase1 and phase 2

If I have 24  hours on phase 1 and 1 hour on phase 2 , if there is no activity for a while, will the tunnel still up for 24 hours?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

The timers are based on when things are initially negotiated.

Phase 1 is for authenticating the endpoints, Phase 2 is for the actual tunnel.

Every hour (assuming there is activity), the Phase 2 tunnel is (re)negotiated.

Every 24 hours (if there is activity), Phase 1 is redone (which requires more CPU).

The one thing you need to make sure is these timers are the same on both ends, or you will have issues.

0 Kudos
Luis1980
Participant

I am having problems with this between a VPN azure-checkpoint, could you tell me what is the maximum time that can be set.

0 Kudos
the_rock
Legend
Legend

For phase 1, maximum value is 70000 minutes, which is almost 49 days and for phase 2, its 86400 seconds, which is 24 hours. Now, keep in mind, even for permanent tunnel, does not always mean it will be up if no traffic. As a matter of fact, from my experience with AWS and Azure, thats usually not the case, unless you initiate traffic.

Cheers,

Andy

0 Kudos
the_rock
Legend
Legend

Not necessarily, as a matter of fact, it usually wont be.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events