[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec SA DELETE in "dangling" implementation



Bronislav Kavsan wrote:
> 
> If your gateway is running out of memory and deleted IKE SA to free some memory - when I
> want to send you keep-alive 1 min later and start IKE SA to protect it - you will have
> exactly the same resource problem as you had 1 min ago.

Maybe dead peer detection should not rely upon the presence of an IKE
SA.

Scott


Follow-Ups: References: