Here are the following concerns my client has in regards to their
configuration. Please give me your thoughts on this situation.

--
 
Here are a few of the Questions we have in relation to the PIX 515 Firewall.

We are using IOS 5.2 on the PIX just so you know.

 

We need to Re-IP the Crypto Map used in the PIX to Connect to a Router in
Sweden. I know certain statements like the one below will disappear when the
Access-List for the VPN is changed. We need to make sure there are no other
statements that do something along the same lines.

crypto map mymap 5 match address 100

 

We also want to check that the statements that affect the VPN Tunnel's
Lifetime and Bit Size are correct and Reasonable. We have noticed a lagging
effect on the VPN Tunnel and this could be due to misconfigurations, or just
general Internet traffic. This is an experience Question, because these are
based on Traffic Flow; the size of the company, the pipe to the Internet,
the General Traffic are all concerns to make when setting these numbers. We
use a Full T1 and don't host any Public Services Like DNS, WWW, or FTP for
anyone outside of our company. My feeling is these numbers are based off the
books and not necessarily based on our Company, therefore they could be
incorrect. So I wish to have someone tell me their feelings on these
settings we are currently using.

crypto ipsec security-association lifetime seconds 86400

crypto map mymap 5 set security-association lifetime seconds 9600 kilobytes 4608000

There are also Statements that dictate the lifetime of Translations, again
we wish to make sure they are reasonable.

timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00

timeout rpc 0:10:00 h323 0:05:00

timeout uauth 0:05:00 absolute




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4729&t=4729