Hi...

I set up a VPN test setup with a FW-1 v.4.1SP2 (SR-build 4165) environment.
All works fine, but 10 minutes after the successful authentication (using
ipsec hybrid with securid, ippoolnat) I lose the connection. I did a trace
and saw that shortly before the connection loss, the client wants to
renegotiate the ipsec keys (IKE packets, starting from the client). But the
ipsec timeout is set to 3600 seconds. The IKE SA seems to still exist,
however renegotiation of a new ipsec sa fails. After 5-10 minutes I'm again
able to renegotiate an ipsec key through the ike sa (which is again valid
only for 10 minutes).
2 Questions:
- why are the ipsec sa keys only valid for 10 minutes instead of 3600 sec?
- why does renegotiation of new ipsec keys fail?

I thought it may be a time problem, but I run xntpd to synchronize times.
Is it maybe possible because my timezone is EST (GMT-5)? Shouldn't matter?

Regards,

Markus


