XPost: microsoft.public.windows.terminal_services   
   From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Vince wrote:   
   > Mike,   
   >   
   > Thanks for the feedback.  I will setup the IPSEC w/3DES as soon as I   
   > get the other routers and report back.   
   >   
   > You mentioned that the DES keys are changed when the phase 1 connection   
   > is renegotiated.  If I have a persistent 24-hour scheduled connection   
   > for the tunnel, would the phase 1 keys theoretically not change until   
   > it was "bounced" by external factors (power, ISP burp etc.) ?   
   >   
      
   There is a setting in the Phase 1 configuration that will determine the   
   length of time or amount of data before a rekey event.  Default settings   
   are for 28800 seconds and no data amount restriction.  It's in the   
   advanced IKE Phase 1 options screen.  I cannot remember exactly, but I   
   believe that the keys are renegotiated sometime before they actually   
   expire similar to a DHCP lease, since this would be disruptive to the   
   link if it waited until the limits.  There is a preference to use the   
   new security association (key) immediately after it's established or to   
   wait until the old one expires.  I don't know that it makes much   
   difference except in the case where you are trying to tweak a connection   
   between the routers of two different manufacturers.   
      
      
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)