The timeout is 3600 seconds, but the max lifesize is 4194303Kbytes. -- Gert
Mobile: +32 498725202 Twitter: @gvangool Web: http://gert.selentic.net On Tue, Jan 4, 2011 at 09:26, Matthew Grooms <[email protected]> wrote: > On 1/3/2011 3:32 AM, Gert Van Gool wrote: >> >> Hi all, >> >> I'm having troubles with my configuration of a VPN. >> This VPN is currently configured on a Juniper SSG5. But we need/want >> to move it to a different server. >> However we can't change anything but the connecting IP on this >> configuration. >> >> I can fill in everything apart from the P2 lifetime size, this should >> be 4194303 but max size is 1000000. >> Is there a way to circumvent it (directly editing configuration file)? >> > > You do realize that using a phase2 timeout of 1000000 will allow SA's to > exist for over 11 days? A typical IPsec SA only lives for an hour or so. > Even a typical ISAKMP SA only lives for 8 to 24 hours. In any case, I > suppose you could manually edit the phase2-life-secs value in the registry > or a file depending on the platform you use. On Windows, the value is stored > under ... > > HKEY_CURRENT_USER\Software\ShrewSoft\vpn\site\[site name] > > ... and on Linux/BSD/OSX its stored in the file ... > > ~/.ike/sites/[site name] > > -Matthew > _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
