Create a Post
Showing results for 
Search instead for 
Did you mean: 

Life time settings for phase1 and phase 2

If I have 24  hours on phase 1 and 1 hour on phase 2 , if there is no activity for a while, will the tunnel still up for 24 hours?

0 Kudos
1 Reply

The timers are based on when things are initially negotiated.

Phase 1 is for authenticating the endpoints, Phase 2 is for the actual tunnel.

Every hour (assuming there is activity), the Phase 2 tunnel is (re)negotiated.

Every 24 hours (if there is activity), Phase 1 is redone (which requires more CPU).

The one thing you need to make sure is these timers are the same on both ends, or you will have issues.

0 Kudos