Hi Adrian, I'm not sure if this will do what you want, but you might try setting the lifetime of the ipsec key with:

[EMAIL PROTECTED] set vpn ipsec esp-group foo lifetime
Possible completions:
  [30..86400]   Set lifetime in seconds

You can also set the ike-group lifetime.

stig

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:vyatta-users-
> [EMAIL PROTECTED] On Behalf Of Adrian F. Dimcev
> Sent: Friday, November 23, 2007 4:51 AM
> To: vyatta-users@mailman.vyatta.com
> Subject: [Vyatta-users] IPsec SA idle timer
>
>
> Hi,
> Can we set on Vyatta an IPsec SA idle timer?
> For example the other side of the tunnel has set this timer to 5 min.
> If within 5 min no traffic is passing through the tunnel, the IPsec SA
> is deleted.
> Note that the other end does not support DPD.
> From what I can see, the other side is deleting the SA and sends the
> ISAKMP Informational packet.
> Vyatta receives it and after that immediately starts the QM negotiations
> to establish a new IPsec SA although the tunnel is still idle.
> This behaviour does not affect the tunnel in any way, so it's only a
> question, not a problem.
> I also have another question, not related to the timer: is Vyatta going
> to be listed on the Virtual Private Network Consortium site for
> interoperability logo?
> I do not see why not, looking at its features and from my tests with
> some of the devices listed there.
> http://www.vpnc.org/testing.html
> Thanks,
> Adrian
>
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users