-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fred Damstra wrote: | On Thu, Jun 12, 2008 at 4:51 AM, pkc_mls <[EMAIL PROTECTED]> wrote: |> but I suspect lifetime mismatch for phase 2. | | Isn't SA lifetime negotiated? I thought that SA lifetime would | negotiate down to the lowest of the configurations on the link? Is | that not the case with Checkpoint?
That is how it is supposed to work. A common issue with Cisco is that Check Point may supernet entries which will result in a mismatch. Then there is the tunnel per gateway vs a tunnel per subnet that may through you off-balance. You can start vpn debugging and then read the vpnd.elg file to see what happens. Doing a tcpdump might be a way to learn things too about the actual negotiation. Hugo. - -- [EMAIL PROTECTED] http://hugo.vanderkooij.org/ PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc A: Yes. >Q: Are you sure? >>A: Because it reverses the logical flow of conversation. >>>Q: Why is top posting frowned upon? Bored? Click on http://spamornot.org/ and rate those images. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIUi1SBvzDRVjxmYERAvkaAJ9Ikc0jKzxPHWFYlrSW7B47dg3yegCdFs0u dqN326/SYAseQ2SYnaBD/ds= =a/ne -----END PGP SIGNATURE----- Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
