Intel® Packet Protect User’s Guide
34
connection cannot be negotiated, then the communication request is
denied. This security action is appropriate for servers.
Remember that two computers attempting to communicate must agree on cer-
tain settings in order to communicate using IPSec.
The Requires Match? column in the table below indicates whether the source
and destination computers must have the same security setting..
Table 6: Available Settings for Security Actions
Security
Setting Description
Requires
Match?
Time limit The length of time (in minutes or hours) the
protected communication can be active
before the system renegotiates. To increase
protection, lower the time limit (to a minimum
of 10 minutes). This makes the system re-
negotiate a new security association more
often, but increases network traffic. You may
specify a time limit, size limit, or both. This
setting is optional.
If two computers require different time limits,
the communication is re-negotiated when the
lower time limit is reached. If a time limit is not
defined, the default is 8 hours.
No
Size limit The amount of data (in MB) that can be
transferred during a security association
before the system renegotiates. To increase
protection, lower the size limit (to a minimum
of 20 MB). This makes the system renegotiate
a new security association more often, but
increases network traffic. You may specify a
time limit, size limit, or both. This setting is
optional.
If two computers attempting to communicate
require different size limits, the security
association expires when it reaches the lower
size limit. If you specify a size limit only, an 8-
hour time limit is applied automatically. The
default is no size limit. There is no maximum
size limit for a security association.
No