IPSec Sito2Site to Cisco

Forum|Forum|11 years ago
February 4, 2015
2 replies
4246 views

Hello,

short Question. We have to do a VPN in 3 days to a Cisco Gateway. we have exchanged our Setting. and they sai for Phase 2 Key Lifetime 4608000 kilobytes / 3600 seconds.

Does it mean that i have to choose in my fortigate Phase 2 Propasals for Lifetime "Both" and wrtite the kilobytes values and second or it will be ok if i only put the 3600 for Lifetime?

Thank you

Best answer by emnoc

What this means they want use to use both ( byte and sec) and whatever happens 1st renew the ipsec-SA. So in your case

config vpn ipsec phase2-interface

edit < your phase2 name >

set keylife-type both <---toggle both here set keylifekbs 4608000 set keylifeseconds 3600

end

emnocAnswer

New Member

What this means they want use to use both ( byte and sec) and whatever happens 1st renew the ipsec-SA. So in your case

config vpn ipsec phase2-interface

edit < your phase2 name >

set keylife-type both <---toggle both here set keylifekbs 4608000 set keylifeseconds 3600

end

HolyAuthor

New Member

Thank you emnoc.

btw... you wanted to send me some learning material for Fortimal :) i realy need some, because self study is realy hard

emnoc wrote:
What this means they want use to use both ( byte and sec) and whatever happens 1st renew the ipsec-SA. So in your case

config vpn ipsec phase2-interface

edit < your phase2 name >
set keylife-type both <---toggle both here set keylifekbs 4608000 set keylifeseconds 3600
end

emnoc

New Member

Yes when I get done and back at my home station I will find the ppt I told you about.

Ken

HolyAuthor

New Member

Ok Thank you :=)

emnoc wrote:
Yes when I get done and back at my home station I will find the ppt I told you about.

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded