NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

jxdomb's avatar
jxdomb
Aspirant
Jul 24, 2016

IPSec VPN Deletes After One Hour

I can successfully open a tunnel between the Netgear VPN client and FVS318N VPN router.  However after an hour, the VPN log on the router reports ISAKMP-SA expired and the tunnel goes down.  I've inc...
Security
jxdomb's avatar
jxdomb
Aspirant
Jul 30, 2016

I am using the VPN client on a Windows 8.1 desktop.  After reviewing the links you provided, I have been adjusting the various SA Lifetimes in the router IPSec policies and in the VPN client.  I must admit that I'm still not fully understanding them, but I have managed to get the tunnel to stay open for about four hours before it quits.

 

Does the 86400 seconds maximum in the client configuration indicate that 1 day is the maximum that an IPSec VPN tunnel is designed to stay up before it needs to be re-initiated by the remote user?  What if someone wants to keep a tunnel up for 2 days, a week or even longer?

 

Thanks for your continued assistance!

DaneA's avatar
DaneA
NETGEAR Employee Retired
Jul 31, 2016

Hi jxdomb,

 

What I know is that the SA Lifetime is the lifetime of the keys that the VPN tunnel uses to encrypt data.  If the 86400 seconds has been reached then it negotiates a new key.  If ever you have activity going on through the VPN tunnel, this will not be noticeable when the timers expire.

 

Let me share this link below that I found online and this might help you understand more about SA Lifetime:

 

IP SEC SA Lifetime

 

 

Regards,

 

DaneA

NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More