site-to-site IPSEC vpn tunnel drops

Unanswered Question
Sep 25th, 2007

I have been testing our VPN connection and I have come up with a pattern of when we lose the telnet/ssh connection to our HQ.

It happens between 20 minutes and 25 minutes after the hour. In other words, I lose my connection at:

23:22

00:23

01:23

02:23

03:25

I'm not sure if it has to do with my IKE SA set at 28000...

Can anyone please advise why my tunnel keeps on dropping? Does it really have to do with the SA?

thanks,

brian

vkapoor5 Thu, 10/04/2007 - 06:32

If the users are frequently disconnected across the L2L tunnel, the problem can be the lesser lifetime configured in the ISAKMP SA.

The default is 86,400 seconds or 24 hours. As a general rule, a shorter lifetime provides more secure ISAKMP negotiations (up to a point), but, with shorter lifetimes, the security appliance sets up future IPSec SAs more quickly.
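One way to check whether the drop times in the question line up with an SA lifetime, as an added example that is not part of the original posts: it computes the gaps between the reported drops and compares them with the 28000 s and 86,400 s values named in the thread. The 3600 s candidate, the jitter window and the 5% tolerance are assumptions, not values from the page.

```python
from datetime import datetime, timedelta
from statistics import median

# Drop times reported in the question (HH:MM, crossing midnight).
DROP_TIMES = ["23:22", "00:23", "01:23", "02:23", "03:25"]

# Candidate lifetimes in seconds. 28000 and 86400 are the values named in the
# thread; 3600 is an assumed IPsec (phase 2) SA lifetime, not from the page.
CANDIDATES = {
    "IKE SA lifetime from the question": 28000,
    "ISAKMP default from the reply": 86400,
    "assumed IPsec SA lifetime": 3600,
}

def gaps_seconds(times):
    """Gaps between consecutive HH:MM stamps; assumes each gap is under 24 h."""
    stamps, day = [], 0
    for t in times:
        hh, mm = map(int, t.split(":"))
        cur = datetime(2000, 1, 1) + timedelta(days=day, hours=hh, minutes=mm)
        if stamps and cur <= stamps[-1]:  # clock wrapped past midnight
            day += 1
            cur += timedelta(days=1)
        stamps.append(cur)
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]

def is_periodic(gaps, jitter=180):
    """True when all gaps agree within `jitter` seconds (timer-like behaviour)."""
    return len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter

def matching_lifetimes(gaps, candidates, tolerance=0.05):
    """Names of candidates whose lifetime is within `tolerance` of the median gap."""
    mid = median(gaps)
    return [name for name, life in candidates.items()
            if abs(mid - life) <= tolerance * life]

if __name__ == "__main__":
    gaps = gaps_seconds(DROP_TIMES)
    print("gaps (s):", gaps, "median:", median(gaps))
    print("periodic:", is_periodic(gaps))
    print("matches:", matching_lifetimes(gaps, CANDIDATES) or "none")
```

On the times in the question the gaps cluster around one hour, so the pattern is timer-like but matches neither of the two lifetimes named in the thread.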
