I am not sure with NG, but many some vendors will negotiate to the lowest commen denominator. In other words, the two would agree on the lower SA expiration value. You should be able to dump traffic, and see what they are trying to negotiate.
-Aaron -----Original Message----- From: Lien, Alex [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 4:23 PM To: [EMAIL PROTECTED] Subject: [FW-1] How to set IKE SA renegotiation time per VPN tunnel on NG. Hi all, I am using a Checkpoint NG FP2. Is it possible to set IKE SA renegotiation time per VPN tunnel? I am doing VPN link to a partner who is using a Linux FreeS/WAN that does not support an IKE SA renegotiation time above 480 minutes. My IKE SA renegotiation time on the NG is already set to 10080 and can not be changed due to dependency to other VPN links. Thank you for your help. Alex ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
