Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


An IPSec site-to-site connection to a third-party remote IPSec tunnel endpoint fails and an incorrect key lifetime value is used for the Internet Protocol Security (IPsec) Main Mode in Microsoft Forefront Threat Management Gateway (TMG) 2010.


TMG uses a hardcoded value for IPsec Main Mode lifetime setting of an IPSec Security Association. This problem occurs because TMG does not correctly handle the value that you enter in the Authenticate and generate a new key every xxx seconds setting for Main Mode (Phase I).

Although you can configure a custom value for the Authenticate and generate a new key every xxx seconds setting, TMG ignores this setting and uses a value of 7200 instead. Therefore, IPSec tunnel mode connections may fail.


To resolve this problem, install Rollup 5 for Forefront Threat Management Gateway 2010 Service Pack 2.


To work around this problem, change the configuration of the remote tunnel endpoint to match the value of 7200 seconds for Main Mode on the TMG server.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!