RE: Lifetime & rekeying
Andrew,
IMHO renegotiating a new SA (if required) after a softlife timer goes
off for an existing SA is a standard practice, and I guess that justifies
the existence of softlifetime for a particular SA.
-Regards
Rohit
At 07:22 PM 2/20/2002 -0800, Andrew Wenlang Zhu wrote:
>Rohit:
>
>I did not find a crystal clear statement in any existing RFC about when to
>re-negotiate a new SA for a dying one, though having the soft lifetime
>trigger a new negotiation is a good practice.
>
>I only recall that the Linux FreeSwan group came up with an implementation
>"Draft" including discussion of this issue.
>
>Andrew
>
>
> >-----Original Message-----
> >From: owner-ipsec@lists.tislabs.com
> >[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of arohit@miel.mot.com
> >Sent: Wednesday, February 20, 2002 2:58 PM
> >To: Shetty, Snehal S; 'ipsec@lists.tislabs.com'
> >Subject: Re: Lifetime & rekeying
> >
> >
> >Snehal,
> >Softlifetime expiry of the IPSEC SA will trigger the key manager to
> >renegotiate for the dying SA. The successful key exchange will result in
> >a new pair of keys for the new SA.
> >
> >-Rohit
> >At 12:46 PM 2/20/2002 -0700, Shetty, Snehal S wrote:
> >>
> >>
> >>I am trying to understand what happens after an IPSEC SA reaches its
> >>Lifetime. I know that another SA is established before the previous SA
> >>goes down, but is there a new key used on this SA if IKE is configured
> >>with pre-shared keys?
> >>
> >>
> >>Thanks
> >>
> >
> >
> >