Could you suggest me appropriate values for lifetimes in phase 1 and 2? I know the lower the best but also the lower the greater load for CPU of the device negotiating parameters. So have you any suggestions?
Alex.
On PIX, 6 hours for phase 1 (aes-256/md5, DH Group 2), 3 hours for phase
2, PFS, (aes/md5) + 512Mb for the volume. Here is how I setup my PIX VPN for 4 years now without any troubles in terms of CPU of Mem. An example, 1 HA PIX 525 with 120 PIX 501/506/515 talking about in the meantime. The bandwidth the encrypt is 32 Mbits/sec, most of the remote sites are 1024/128 down/up.ralph
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.