[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] SecuRemote looses ipsec keys after 10 minutes
Hi... I setup a VPN Testsetup with a FW-1 v.4.1SP2 (SR-build 4165) environment. All works fine, but 10 minutes after the sucessful authentication (using ipsec hybrid with securid, ippoolnat) i loose the connection. Regardless if there's traffic flow or not. I did a trace and saw, that short before the connection loss, the client wants to renegotiate the ipsec keys (IKE packets, starting from the client). But the ipsec timeout is set to 3600 se conds. The IKE SA seems still to exist however renegotation of a new ipsec sa fa ils. After 5-10 minutes again I'm able to renegotate an ipsec key through the ik e sa (which is valid again olny for 10 minutes). 2 Questions: - why the ipsec sa keys are only valid for 10 minutes instead of 3600sec? - why does renegotiation of new ipsec keys fail? I thought it's may a timeproblem, but I run xntpd to synchronize times. Is it may possible due to my timezone is EST (GMT-5)? Shouldn't matter? regads, Markus ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|