
ipsec lifetime clarification

Posted: Wed Feb 28, 2007 3:49 pm
by amode
Hi,

Using IPsec, there are two lifetime values which can be configured:

One is the

/ip ipsec proposal lifetime

and the other is the

/ip ipsec peer lifetime

a) Can someone please explain the relationship between these lifetime values?
b) Should the proposal lifetime be < peer lifetime?
c) Or is there any other rule here?

Thanks a lot for some expert knowledge.

Achim

Re: ipsec lifetime clarification

Posted: Tue Jul 21, 2015 3:28 pm
by NetVicious
Proposal is phase 2 of IPsec, and its lifetime means when it should renew the SAs used.

Peer is phase 1 of IPsec, and its lifetime means when it should close the current connection and create a new one.

Under IP / IPsec / Peers you can see phase 1, and if you double-click one you will see the established time. This should never be greater than the phase 1 lifetime.

On the Installed SAs tab you have the same but for phase 2.
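
An added example, not part of the thread and not MikroTik code: a small Python check for the rule described in the reply above, flagging any phase 1 peer or phase 2 SA whose age exceeds its configured lifetime. The duration formats accepted, the entry names and all sample values are constructed assumptions.

```python
import re

UNIT_SECONDS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ros_seconds(value):
    """Convert a RouterOS-style duration ('30m', '1d2h', '1d 00:30:00') to seconds."""
    text = re.sub(r"\s+", "", value.lower())
    if not text:
        raise ValueError("empty duration")
    total = 0
    clock = re.search(r"(\d+):(\d{2}):(\d{2})$", text)
    if clock:  # trailing HH:MM:SS part
        hours, minutes, seconds = (int(g) for g in clock.groups())
        total += hours * 3600 + minutes * 60 + seconds
        text = text[:clock.start()]
    pos = 0
    for part in re.finditer(r"(\d+)([wdhms])", text):
        if part.start() != pos:  # stray characters between units
            break
        total += int(part.group(1)) * UNIT_SECONDS[part.group(2)]
        pos = part.end()
    if pos != len(text):
        raise ValueError(f"unrecognised duration: {value!r}")
    return total

def overdue(entries):
    """Return (name, seconds_over) for each entry older than its configured lifetime."""
    findings = []
    for name, age, lifetime in entries:
        excess = ros_seconds(age) - ros_seconds(lifetime)
        if excess > 0:
            findings.append((name, excess))
    return findings

# Constructed sample: (name, observed age, configured lifetime)
SAMPLE = [
    ("peer 192.0.2.10", "23h10m5s", "1d"),      # phase 1, within lifetime
    ("peer 198.51.100.7", "1d2h", "1d"),        # phase 1, past lifetime
    ("installed SA #0", "00:12:40", "30m"),     # phase 2, within lifetime
    ("installed SA #1", "31m", "30m"),          # phase 2, past lifetime
]

if __name__ == "__main__":
    for name, excess in overdue(SAMPLE):
        print(f"{name}: {excess}s past its lifetime, rekey did not happen")
```
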