From: ralph@brussels.lan   
      
   AM wrote:   
   > Could you suggest me appropriate values for lifetimes in phase 1 and 2?   
   > I know the lower the best but also the lower the greater load for CPU of   
   > the device negotiating parameters.   
   > So have you any suggestions?   
   >   
   > Alex.   
      
   On PIX, 6 hours for phase 1 (aes-256/md5, DH Group 2), 3 hours for phase   
   2, PFS, (aes/md5) + 512Mb for the volume. Here is how I setup my PIX VPN   
   for 4 years now without any troubles in terms of CPU of Mem. An example,   
   1 HA PIX 525 with 120 PIX 501/506/515 talking about in the meantime. The   
   bandwidth the encrypt is 32 Mbits/sec, most of the remote sites are   
   1024/128 down/up.   
      
   ralph   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)