Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] SecuRemote looses ipsec keys after 10 minutes

To: [email protected]
Subject: [FW1] SecuRemote looses ipsec keys after 10 minutes
From: [email protected]
Date: Wed, 15 Nov 2000 09:12:29 +0100
Sender: [email protected]

Hi...

I setup a VPN Testsetup with a FW-1 v.4.1SP2 (SR-build 4165)  environment.
All works fine, but 10 minutes after the sucessful authentication (using
ipsec
hybrid with securid, ippoolnat) i loose the connection. Regardless if
there's
traffic flow or not. I did a trace and saw, that short before the
connection loss,
the client wants to renegotiate the ipsec keys (IKE packets, starting from
the
client).  But the ipsec timeout is set to 3600 se conds. The IKE SA seems
still
to exist however renegotation of a new ipsec sa fa ils. After 5-10 minutes
again I'm able to renegotate an ipsec key through the ik e sa (which is
valid
again olny for 10 minutes).
2 Questions:
- why the ipsec sa keys are only valid for 10 minutes instead of 3600sec?
- why does renegotiation of new ipsec keys fail?

I thought it's may a timeproblem, but I run xntpd to synchronize times.
Is it may possible due to my timezone is EST (GMT-5)? Shouldn't matter?

regads,

Markus



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Loose SecuRemote Connection after 10 minutes
Next by Date: Re: [FW1] Any Trendmicro Viruswall users here?
Previous by thread: [FW1] Loose SecuRemote Connection after 10 minutes
Next by thread: [FW1] third party sendmail
Index(es):
- Date
- Thread