<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=433240016-03032008><FONT face=Arial
color=#0000ff size=2>The defaults are fine. They come from the IPSec rfc's,
which suggest.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=433240016-03032008><FONT face=Arial
color=#0000ff size=2>Phase 1 - 1 hour, Phase 2 - 8 Hours or Phase 1 - 8 hours,
Phase 2 - 1 hour.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=433240016-03032008><FONT face=Arial
color=#0000ff size=2>I recommend you leave the ikelifetime and keylife values
alone, unless you</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=433240016-03032008><FONT face=Arial
color=#0000ff size=2>need to change them. For example, some interrop's require
them to be changed</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=433240016-03032008><FONT face=Arial
color=#0000ff size=2>to match the remote system.</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>hiren
joshi<BR><B>Sent:</B> March 3, 2008 10:54 AM<BR><B>To:</B>
users@openswan.org<BR><B>Subject:</B> [Openswan Users] recommended Phase 1 and
Phase 2 keylife values<BR></FONT><BR></DIV>
<DIV></DIV>Hello all,<BR><BR>In a normal ipsec connection, what should be the
values of ikelifetime (phase-1) and keylife (phase-2).<BR>Particularly whether
ikelifetime > keylife, or ikelifetime < keylife ?<BR><BR>As per `man
ipsec.conf`, default values for Phase -1 keylife is 1 hour and Phase -2
keylife is 8 Hours.<BR>Are they represent the recommended
one?<BR><BR>Regards,<BR>-hiren<BR></BLOCKQUOTE></BODY></HTML>