Showing results for 
Search instead for 
Did you mean: 
Level 7
Report Inappropriate Content
Message 1 of 2

IPSec Hard Limits and Lifetimes

Apart from the slightly reduced level of security of running with a higher IPSec IKE Hard Limit than the standard 3600, has anyone got any good or bad points about upping it to the maximum 10000 seconds? 

The same goes for the Rekey Hard Lifetime value of 700 (default), assuming we use AES 256/SHA1, is there any reason to leave the values at the low default values?


1 Reply
Level 8
Report Inappropriate Content
Message 2 of 2

Re: IPSec Hard Limits and Lifetimes

By increasing the Hard Limit and Rekey Hard Lifetime value, it reduces the chance of rekeying failure (which would bring the tunnel down) because it would try to rekey less.