On 1/3/2011 3:32 AM, Gert Van Gool wrote:
Hi all,
I'm having troubles with my configuration of a VPN.
This VPN is currently configured on a Juniper SSG5. But we need/want
to move it to a different server.
However we can't change anything but the connecting IP on this configuration.
I can fill in everything apart from the P2 lifetime size, this should
be 4194303 but max size is 1000000.
Is there a way to circumvent it (directly editing configuration file)?
You do realize that using a phase2 timeout of 1000000 will allow SA's to
exist for over 11 days? A typical IPsec SA only lives for an hour or so.
Even a typical ISAKMP SA only lives for 8 to 24 hours. In any case, I
suppose you could manually edit the phase2-life-secs value in the
registry or a file depending on the platform you use. On Windows, the
value is stored under ...
HKEY_CURRENT_USER\Software\ShrewSoft\vpn\site\[site name]
... and on Linux/BSD/OSX its stored in the file ...
~/.ike/sites/[site name]
-Matthew
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
