ATP500 and rekey time in phase1 for ipsec VPN tunnels
Options
TasagoreSeibei
Posts: 2 
Freshman Member
Freshman Member
in Security
Hi
I have a IPSEC tunnel, the other side is a Sophos device. We have intermittent disconnections and the Sophos guy says that it's due a bad rekey time. The remote log shows:
"Received IKE message with invalid SPI"
They have the tunnel configured in Phase1 for SA LifeTime of 10800s with a re-key margin of 360s, but I can't configure the second one setting in the ATP500.
Which is the default re-key margin for an ATP500?
Regards
0
All Replies
-
Hi @TasagoreSeibei ,
They have the tunnel configured in Phase1 for SA LifeTime of 10800s with a re-key margin of 360s, but I can't configure the second one setting in the ATP500.
Which is the default re-key margin for an ATP500?
Let me clarify what you're asking:
- For the Sophos device: They can set Phase 1 SA Lifetime of 10800s with a 360s re-key margin.
- For the ATP500: You can only set Phase 1 SA Lifetime, but no re-key margin setting is available? Are you looking to confirm what the default re-key margin is for Phase 1 on the ATP500?
Zyxel_Judy
0 - For the Sophos device: They can set Phase 1 SA Lifetime of 10800s with a 360s re-key margin.
Zyxel Employee
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 118 Nebula Status and Incidents
- 6.1K Security
- 428 USG FLEX H Series
- 298 Security Ideas
- 1.6K Switch
- 79 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 274 Service & License
- 422 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
