I have several sites up and running on IPsec VPN. Aside from having an issue last week with the versions not being in sync and that causing several of the sites to initiate and then fail, I've had very few problems with this setup. As I continue to tune and secure these sites with policies I come to a question that I can't find a clear answer to ...

1. Which side of the tunnel is the initiator if both are set up the same, and is there an initiator w/ PFS?

2. When using the keep alive setting (auto ping host), is/should this be the inside interface of the remote tunnel? I have tried setting this to some non-assigned IP and the tunnel will collapse after about 10 minutes. If I leave this field blank (don't use keep alive) then the tunnel stays up for a longer period of time after initialization, but will collapse after roughly 28800 (the phase 1 lifetime).

--
David L. Strout
Engineering Systems Plus, LLC
