Hello list, I use an ipsec tunnel between my customer and his appl. provider. The appl. provider has problems transferring a specific datavolumn from time to time. He asked my to change the lifetime from our ipsec connection because he thinks that this could be a problem.
Now I don't know if a established ipsec connection disconnects turing a datatransfer session? So I tried to change the lifetime in phase 1 and 2 with [Global] Retransmits= 5 Exchange-max-time= 120 Default-phase-1-lifetime= 28800,60:86400 Default-phase-2-lifetime= 28800,60:86400 I also change in the following sections [Default-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA-GRP2 Life= Default-phase-1-lifetime [Default-quick-mode] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-PFS-GRP2-SUITE Life= Default-phase-1-lifetime [Default-main-mode-std] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA Life= Default-phase-1-lifetime [Default-quick-mode-std] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-SUITE Life= Default-phase-1-lifetime But the only result i get is $ echo S >> /var/run/isakmpd.fifo $ cat /var/run/isakmpd.result SA name: dacosoft (Phase 1/Initiator) src: x.x.x.x dst: x.x.x.x Lifetime: 3600 seconds Soft timeout in 1518 seconds Hard timeout in 1792 seconds icookie xxxxxxxxxxxxxx rcookie xxxxxxxxxxxxxx SA name: from-to (Phase 2) src: x.x.x.x dst: x.x.x.x Lifetime: 1200 seconds Soft timeout in 329 seconds Hard timeout in 479 seconds SPI 0: 21c6a257 SPI 1: 65d2992e Transform: IPsec ESP Encryption key length: 24 Authentication key length: 20 Encryption algorithm: 3DES Authentication algorithm: HMAC-SHA1 ------------------------------------------- The other site is an sonicwall. The sysop told my that he has changed the setting to 28800 and it works with his other connections. Is there something I did wrong? Thanks for you time. Kind regards. Karl-Heinz
