Hi, I have had some problems with an IPSEC between pfSense 1.2.3 and a Nortel device (in a different country). The IPSEC will stay up for 24 hours + and then we are not able to send traffic through the IPSEC anymore. We have to disable / enable it. We think this is a lifetime issue, but I'm a bit confused about how Nortel handles this. In pfSense we have phase 1 and phase 2 lifetimes, but on the Nortel the only thing we have is a field called 'rekey timeout'. On pfSense we have been using 28800 seconds on Phase 1 and 86400 seconds on Phase 2, and on the Nortel side a 28800 rekey timeout, which is now not working well. The Nortel device user suggested that we change to disabling the Phase 1 lifetime and using 28800 seconds on Phase 2. They claim that rekey timeout is the same as Phase 2 lifetime and they have no phase 1 lifetime so we shouldn't use one either.
If you want to 'disable' phase 1 lifetime, is it correct to leave it blank? Does anyone know if this is the right way to do it with the Nortel device? If not, what should we use for the phase 1 and phase 2 lifetimes when Nortel uses a 28800 seconds rekey timeout? Thanks in advance! Stale.
