[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Lifetime & rekeying

To: "'Shetty, Snehal S'" <snehal.shetty@qwest.com>, "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: RE: Lifetime & rekeying
From: "Lordello, Claudio" <CLordello@unispherenetworks.com>
Date: Wed, 20 Feb 2002 16:59:19 -0500
Sender: owner-ipsec@lists.tislabs.com


Yes, a new set of session keys is established for the new SA in a phase 2
exchange. This new phase 2 exchange may or may not require a new phase 1
depending on whether a  phase 1 is still around or not. The IKE pre-shared
keys are used to authenticate the endpoints of the communication during a
phase 1 exchange. The IKE pre-shared keys do not expire.

Claudio.

> -----Original Message-----
> From: Shetty, Snehal S [mailto:snehal.shetty@qwest.com]
> Sent: Wednesday, February 20, 2002 2:46 PM
> To: 'ipsec@lists.tislabs.com'
> Subject: Lifetime & rekeying
> 
> 
> 	
> 
> I am trying to understand what happens after an IPSEC SA reaches its
> Lifetime. I know that another SA is established before the 
> previous SA goes
> down but is there a new key used on this SA, if IKE is configured with
> pre-shared keys.
> 
> 
> Thanks
> 	
>

Prev by Date: Lifetime & rekeying
Next by Date: Re: Lifetime & rekeying
Prev by thread: Re: Lifetime & rekeying
Next by thread: Phase 1 Lifetime and Lifedata
Index(es):
- Date
- Thread