IPSec configuration: what is Life Type setting?
-
I'm trying to configure an IPsec tunnel with my company's network. This is the first time I've ever done IPsec, so I barely know what I'm doing.
My company's VPN guy gave me a "VPN worksheet" to fill out. Under the "IPSec SA" section, there's "Life Time" and "Life Type" fields. I was able to identify the corresponding pfSense configuration setting for "Life Time", but not "Life Type".
I asked my VPN guy about it and he asked me what was pfSense's value for that and he can adjust the setting on his head. But I've been unable to figure it out thus far.
What could "Life Type" be and what is pfSense's default value for this? The recommended value for this field on the worksheet is "4,608,000 KB" if that's any help.
-
@arcadio what device is on the other side of your vpn tunnel?
-
@gabacho4 a Cisco 5516
-
See: https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-14
So the type here is 'seconds'.
Which of course is implied by the fact they have asked you for Life Time rather than Life Duration.
Steve
-
@stephenw10 It would seem, then, there's a mistake on the worksheet. Because for the recommended value for "Life Type", they have on the worksheet a value of "4,608,000 KB" which doesn't make sense in light of the what the definition is for "Life Type".
Thanks for the pointer. I'll let my VPN guy know.
-
Yup, seems there is some confusion!
