Posted by Ralph (c) on September 5, 2005, 6:59 pm
AM wrote:
> Could you suggest appropriate values for lifetimes in phase 1 and 2?
> I know the lower the better, but also the lower, the greater the CPU load
> on the device negotiating parameters.
> So do you have any suggestions?
>
> Alex.
On PIX, 6 hours for phase 1 (aes-256/md5, DH Group 2), 3 hours for phase
2, PFS, (aes/md5) + 512Mb for the volume. This is how I have set up my PIX
VPNs for 4 years now without any trouble in terms of CPU or memory. As an
example: 1 HA PIX 525 with 120 PIX 501/506/515 talking to it at the same
time. The encrypted bandwidth is 32 Mbits/sec; most of the remote sites are
1024/128 down/up.
ralph