Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Loose SecuRemote Connection after 10 minutes

To: [email protected]
Subject: [FW1] Loose SecuRemote Connection after 10 minutes
From: [email protected]
Date: Wed, 15 Nov 2000 08:53:19 +0100
Sender: [email protected]

Hi...

I setup a VPN Testsetup with a FW-1 v.4.1SP2 (SR-build 4165)  environment.
All works fine, but 10 minutes after the sucessful authentication (using
ipsec
hybrid with securid, ippoolnat) i loose the connection. I did a trace and
saw,
that short before the connection loss, the client wants to renegotiate the
ipsec
keys (IKE packets, starting from the client).  But the ipsec timeout is set
to
3600 se conds. The IKE SA seems still to exist however renegotation of a
new ipsec sa fa ils. After 5-10 minutes again I'm able to renegotate an
ipsec
key through the ik e sa (which is valid again olny for 10 minutes).
2 Questions:
- why the ipsec sa keys are only valid for 10 minutes instead of 3600sec?
- why does renegotiation of new ipsec keys fail?

I thought it's may a timeproblem, but I run xntpd to synchronize times.
Is it may possible due to my timezone is EST (GMT-5)? Shouldn't matter?

regads,

Markus



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Q: when will FW-1 for Solaris 8 be available
Next by Date: [FW1] SecuRemote looses ipsec keys after 10 minutes
Previous by thread: [FW1] Q: when will FW-1 for Solaris 8 be available
Next by thread: [FW1] SecuRemote looses ipsec keys after 10 minutes
Index(es):
- Date
- Thread