[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Lifetime & rekeying
Yes, a new set of session keys is established for the new SA in a phase 2
exchange. This new phase 2 exchange may or may not require a new phase 1
depending on whether a phase 1 is still around or not. The IKE pre-shared
keys are used to authenticate the endpoints of the communication during a
phase 1 exchange. The IKE pre-shared keys do not expire.
Claudio.
> -----Original Message-----
> From: Shetty, Snehal S [mailto:snehal.shetty@qwest.com]
> Sent: Wednesday, February 20, 2002 2:46 PM
> To: 'ipsec@lists.tislabs.com'
> Subject: Lifetime & rekeying
>
>
>
>
> I am trying to understand what happens after an IPSEC SA reaches its
> Lifetime. I know that another SA is established before the
> previous SA goes
> down but is there a new key used on this SA, if IKE is configured with
> pre-shared keys.
>
>
> Thanks
>
>