Hi...
I set up a VPN test setup with a FW-1 v.4.1SP2 (SR-build 4165) environment.
All works fine, but 10 minutes after the successful authentication (using
ipsec hybrid with securid, ippoolnat) I lose the connection, regardless of
whether there's traffic flow or not. I did a trace and saw that shortly
before the connection loss, the client wants to renegotiate the ipsec keys
(IKE packets, starting from the client). But the ipsec timeout is set to
3600 seconds. The IKE SA seems to still exist, however renegotiation of a
new ipsec sa fails. After 5-10 minutes I'm again able to renegotiate an
ipsec key through the ike sa (which is again valid only for 10 minutes).
2 questions:
- Why are the ipsec sa keys only valid for 10 minutes instead of 3600 sec?
- Why does renegotiation of new ipsec keys fail?
I thought it may be a time problem, but I run xntpd to synchronize times.
Is it maybe possible that it is due to my timezone being EST (GMT-5)?
Shouldn't matter?
Regards,
Markus