Type a number between 2560 KB and 4194304 KB (4.2 GB). Default is 0.
This setting determines when an SA expires based on the amount of data passed over it rather than on elapsed time. (The more traffic sent over a connection, the better the chance an attacker has of cracking a key.)
The Threat Management Services (TMS) zl Module checks an L2TP SA for inactivity when the SA has transmitted and received 80 percent of the allowed amount of data in KB. If the SA is active, the module renegotiates it, deleting the old SA when the new one is established. The module deletes an inactive SA if it is still inactive when the total lifetime in kilobytes is reached.
The default value of 0 means that the SA does not have a lifetime in kilobytes.
If you specify the SA lifetime both in seconds and in kilobytes, the module checks the SA for activity when the first limit is reached.
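The following Python model is an added example, not TMS zl Module syntax or vendor code; it estimates which limit triggers the first activity check at a given traffic rate and models the kilobyte-lifetime decisions described above. The function names, the constant traffic rate and the sample values are assumptions, and the seconds-based check is assumed to occur at the full lifetime in seconds, since the 80 percent figure is stated only for kilobytes.

```python
# Added illustration; names are hypothetical, not TMS zl Module commands.
KB_MIN, KB_MAX = 2560, 4194304   # valid range stated above; 0 disables the limit
CHECK_PERCENT = 80               # activity check point stated above


def validate_lifetime_kb(value):
    """Return value if it is 0 (no KB lifetime) or inside the valid range."""
    if value == 0 or KB_MIN <= value <= KB_MAX:
        return value
    raise ValueError(f"lifetime must be 0 or {KB_MIN}-{KB_MAX} KB, got {value}")


def first_check(lifetime_kb, lifetime_s, rate_kb_per_s):
    """Return (trigger, seconds_from_setup) for the first activity check.

    Assumes a constant traffic rate. Assumption: the seconds-based check
    happens at the full lifetime in seconds.
    """
    validate_lifetime_kb(lifetime_kb)
    candidates = []
    if lifetime_kb and rate_kb_per_s > 0:
        kb_check_s = CHECK_PERCENT * lifetime_kb / (100 * rate_kb_per_s)
        candidates.append(("kilobytes", kb_check_s))
    if lifetime_s:
        candidates.append(("seconds", float(lifetime_s)))
    if not candidates:
        return ("none", None)
    return min(candidates, key=lambda c: c[1])


def action_at(lifetime_kb, used_kb, active):
    """Model what happens to an SA that has passed used_kb of traffic."""
    if lifetime_kb == 0 or used_kb * 100 < CHECK_PERCENT * lifetime_kb:
        return "keep"            # no KB lifetime, or below the 80 percent mark
    if active:
        return "renegotiate"     # old SA is deleted once the new one exists
    return "delete" if used_kb >= lifetime_kb else "keep"


if __name__ == "__main__":
    # Constructed sample: maximum KB lifetime, 28800 s, about 100 Mbit/s.
    print(first_check(4194304, 28800, 12500))
    print(action_at(4194304, 3500000, active=True))
```

On a fast tunnel the kilobyte limit is reached well before a typical seconds limit, so the kilobyte value in practice sets how often the SA is renegotiated.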