
RE: Phase 1 Lifetime and Lifedata



Hi,

Theory and practice are always different. In this case lifedata is defined by
the IKE RFC, the theoretical part. But in practice for most vendors (Cisco,
Checkpoint, Raptor, Win2K) the lifedata value MUST be set to zero! Otherwise
the negotiation fails.
In my opinion this configuration data field should be disabled in order
not to unsettle users and admins.

Christian

> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of dfox@quarrytech.com
> Sent: Freitag, 22. Februar 2002 00:32
> To: ewilkinson@efficient.com
> Cc: ipsec@lists.tislabs.com
> Subject: RE: Phase 1 Lifetime and Lifedata
>
>
> In the last couple of implementations that I was involved with testing, we
> didn't use Lifedata in Phase 1.  The reason for this is that the ISAKMP
> communications are so small that it didn't make sense.  If it was sent to
> us, we dealt with it appropriately.  We always used Lifetime, however.
>
> David
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> David Fox
> Quarry Technologies                                dfox@quarrytech.com
> 8 New England Executive Park                 Direct: 781-359-5094
> Burlington, Massachusetts  01803            Main: 781-505-8300 x5094
> www.quarrytech.com                                FAX:   781-505-8316
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>  -----Original Message-----
> From: 	Edward Wilkinson [mailto:ewilkinson@efficient.com]
> Sent:	Thursday, February 21, 2002 5:31 PM
> To:	Ipsec (E-mail)
> Subject:	Phase 1 Lifetime and Lifedata
>
> When using some of the gateways and clients, I see an option to set
> lifedata.  Is this field valid in phase 1, and if it is, how would it be
> used?
>