Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
963
Views
0
Helpful
4
Replies

Lifetime parameter in VPN

prichetakashyap
Level 1
Level 1

‎08-21-2008 04:57 AM

Hi,

I have following query:

Is the lifetime parameter setting should be identical on both side firewall for both Phase-1 and Phase-2? or it can be different?

thnx

Labels:
0 Helpful
4 Replies 4

Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-21-2008 05:05 AM

not must identical but better, When this lifetime expires, the IPsec peers renegotiate IKE phase 1

Many people choose to leave the IKE SA lifetime at the default value of 86400. It is worth noting, however, that the longer the lifetime, the less secure the SA is. The SA is less secure with a longer lifetime because with a longer lifetime an attacker has more time to collect encrypted traffic and subject it to cryptanalysis (attempt to recover the plaintext). However, a shorter IKE lifetime causes IPsec peers to have to renegotiate IKE more often

please, if helpful Rate

0 Helpful

prichetakashyap
Level 1
Level 1
In response to Marwan ALshawi

‎08-21-2008 11:08 PM

thanks for the detail but do the re-negotiation affects running ipsec-tunnel? that if tunnel disconnects?

thanks

0 Helpful

Marwan ALshawi
VIP Alumni
VIP Alumni
In response to prichetakashyap

‎08-21-2008 11:23 PM

no dose not effect the running one

please if helpful Rate

0 Helpful

mahesh18
Level 6
Level 6
In response to Marwan ALshawi

‎08-18-2013 12:55 PM

Hi Marwanshawi,

I was looking for same info which you answered here.

Regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents