Since we just recently had this happen to us on our network, I can
confirm that this is exactly what happens.

Certificate-based VPNs will fail within 24 hours due to the gateways'
inability to load the CRL.

Pre-shared secret VPNs will continue to operate, presumably
indefinitely.


Independent IT Consultant <[email protected]> wrote:
>
> It greatly depends on the *type* of VPN.  If using certificates (such
> as with Edges or other gateways that are centrally managed), then
> the limiting factor is the CRL expiration on the ICA, which is, by
> default, 24 hours.  In this case, tunnels that can't validate their
> certificates will fail after that CRL timeout period.  Remember,
> it's 24 hours after the last CRL refresh, not necessarily 24 hours
> after the SMC went down.  With VPNs to external gateways using shared
> secret, they may work indefinitely, but I wouldn't guarantee it.
> 
> 
> On Mon, May 23, 2011 at 12:45 PM, Peter Addy <[email protected]> wrote:
> 
> > Curious, does anyone know how long VPNs would continue to work if a
> > SmartCenter was down and not available for ? And if they do stop, why
> > is this so, or do they simply continue to run but changes cannot be
> > made until the manager was restored? Thanks

-- 
David DeSimone == Network Admin == [email protected]
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
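
An added example (not part of the original thread) of the timing point in the quoted reply: the grace period is bounded by the cached CRL's validity, not by when the management server went down. It parses the date lines printed by `openssl crl -noout -lastupdate -nextupdate`; the sample dates, the function names, and the assumption that a gateway trusts its cached CRL until nextUpdate are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the two lines `openssl crl -noout -lastupdate -nextupdate`
# prints for a CRL issued with a 24-hour validity period.
SAMPLE_CRL_DATES = """\
lastUpdate=May 23 06:30:00 2011 GMT
nextUpdate=May 24 06:30:00 2011 GMT
"""


def parse_crl_dates(text):
    """Return (last_update, next_update) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        # openssl pads single-digit days with an extra space ("May  3 ...")
        value = " ".join(value.split())
        parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
        fields[key.strip()] = parsed.replace(tzinfo=timezone.utc)
    return fields["lastUpdate"], fields["nextUpdate"]


def outage_window(crl_text, outage_start, now):
    """Estimate how long certificate-based tunnels can keep validating.

    Assumption (hypothetical model): a gateway trusts its cached CRL until
    nextUpdate and cannot fetch a fresh one while management is unreachable.
    """
    _, next_update = parse_crl_dates(crl_text)
    zero = timedelta(0)
    return {
        "crl_expires": next_update,
        # Measured from the outage, this is shorter than the CRL lifetime
        # whenever the CRL was refreshed some time before the outage began.
        "grace_from_outage": max(next_update - outage_start, zero),
        "remaining": max(next_update - now, zero),
        "expired": now >= next_update,
    }


if __name__ == "__main__":
    outage = datetime(2011, 5, 23, 12, 45, tzinfo=timezone.utc)  # constructed
    check = datetime(2011, 5, 23, 20, 0, tzinfo=timezone.utc)    # constructed
    for name, value in outage_window(SAMPLE_CRL_DATES, outage, check).items():
        print(f"{name}: {value}")
```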

