VPN - Lifetime for phase 1 and 2.

This is Interesting: Free IT Magazines  
Home > Archive > VPN > September 2005 > Lifetime for phase 1 and 2.





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Lifetime for phase 1 and 2.
AM

2005-09-05, 5:46 pm

Could you suggest me appropriate values for lifetimes in phase 1 and 2?
I know the lower the best but also the lower the greater load for CPU of the device negotiating parameters.
So have you any suggestions?

Alex.
Ralph (c)

2005-09-05, 5:46 pm

AM wrote:
> Could you suggest me appropriate values for lifetimes in phase 1 and 2?
> I know the lower the best but also the lower the greater load for CPU of
> the device negotiating parameters.
> So have you any suggestions?
>
> Alex.

On PIX, 6 hours for phase 1 (aes-256/md5, DH Group 2), 3 hours for phase
2, PFS, (aes/md5) + 512Mb for the volume. Here is how I setup my PIX VPN
for 4 years now without any troubles in terms of CPU of Mem. An example,
1 HA PIX 525 with 120 PIX 501/506/515 talking about in the meantime. The
bandwidth the encrypt is 32 Mbits/sec, most of the remote sites are
1024/128 down/up.

ralph
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com