Re: [Vyatta-users] IPsec SA idle timer

2007-11-26 Thread Dave Roberts
> I also have another question, not related to the timer, is
> Vyatta going to be listed on the Virtual Private Network
> Consortium site for interoperability logo?
> I do not see why not, looking at its features and from my
> tests with some of the devices listed there.
> http://www.vpnc.org/te

Re: [Vyatta-users] IPsec SA idle timer

2007-11-24 Thread Stig Thormodsrud
> Hi Stig,
> Yes, you are correct.
> Modifying that value does the trick.
> It's logical actually. After Vyatta boots, it tries automatically to
> bring up the tunnel. That's not bad, but it would be nice if we could
> specify that from the cli. If the tunnel is not needed, why it should be
> up wh

Re: [Vyatta-users] IPsec SA idle timer

2007-11-24 Thread Adrian F. Dimcev
>Stig wrote:
>I think the reason for the immediate re-establishment is the "auto=start"
>value in /etc/ipsec.conf. If you want to experiment you could try logging
>in as root and edit /etc/ipsec.conf and change "auto=start" to "auto=add".
>Then go back into xorpsh and do a "clear vpn ipsec-process"

Re: [Vyatta-users] IPsec SA idle timer

2007-11-23 Thread Stig Thormodsrud
> To exemplify, the other end of the tunnel is represented by an ISA 2006.
> After about 5-6 minutes, time within the tunnel was idle (no traffic
> exchange between the two sides), ISA will drop the IPsec SA informing
> its tunnel partner about this. The IKE SA is not dropped.
> If the other end o

Re: [Vyatta-users] IPsec SA idle timer

2007-11-23 Thread Adrian F. Dimcev
>Stig wrote
>I'm not sure if this will do what you want, but you might try setting the
>lifetime of the ipsec key with:
>[EMAIL PROTECTED] set vpn ipsec esp-group foo lifetime
>Possible completions:
>[30..86400] Set lifetime in seconds

Hi Stig,
Thank you for your reply.
No, I wasn't talking about

Re: [Vyatta-users] IPsec SA idle timer

2007-11-23 Thread Stig Thormodsrud
stig
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:vyatta-users-
> [EMAIL PROTECTED] On Behalf Of Adrian F. Dimcev
> Sent: Friday, November 23, 2007 4:51 AM
> To: vyatta-users@mailman.vyatta.com
> Subject: [Vyatta-users] IPsec SA idle timer
>
>
> Hi,
> Ca

[Vyatta-users] IPsec SA idle timer

2007-11-23 Thread Adrian F. Dimcev
Hi,
Can we set on Vyatta an IPsec SA idle timer? For example the other side of the tunnel has set this timer to 5 min. If within 5 min no traffic is passing through the tunnel, the IPsec SA is deleted. Note that the other end does not support DPD. From what I can see, the other side is deleting