Re: SA Lifetime (Soft and Hard)
Hi,
Hope the following answers your question:
> SPD1-------->NULL
>
> Now, how will the new SA be created?
>
>
Initially, when IKE is used, the policy (SPD) is configured with no SA (SAD).
When an outgoing packet (from host or from network) passes the IPSEC module,
the SPD lookup is done with the selectors extracted. If it matches one of the
policies, IPSEC gives an indication to IKE to establish a new SA. After
establishing a new SA, it's linked with the SPD. New SAs from the "soft timer"
are also linked to the same list. When the "hard timer" occurs, the old SA will
be removed and the new SA will be used.
It's like:
SPD1 ---------- NULL      (no traffic)
SPD1 ---------- SA1       (first SA)
SPD1 ---------- SA1, SA2  (SA2 is the result of soft expire of SA1,
                           but only SA1 is used till hard expire)
SPD1 ---------- SA2       (hard expire of SA1 results in SA1 deletion)
Cheers !
suresh
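
The rollover described in the message above, modelled as a small simulation. This is an added example, not part of the original post and not code from any IPsec implementation. The class names, the time-based lifetimes (60 s soft, 100 s hard) and the SPI values are assumptions made for illustration, and `_negotiate` stands in for the IKE exchange.

```python
from dataclasses import dataclass, field

@dataclass
class SA:
    spi: int
    created: int
    soft: int             # seconds after creation: negotiate a replacement
    hard: int             # seconds after creation: delete this SA
    rekeyed: bool = False

@dataclass
class Policy:
    name: str
    soft: int
    hard: int
    sas: list = field(default_factory=list)   # SAs linked to this SPD entry
    _next_spi: int = 0x1000                    # constructed SPI values

    def _negotiate(self, now):
        # Stand-in for the IKE exchange: the new SA is appended to the
        # same list that already holds the old one.
        self.sas.append(SA(self._next_spi, now, self.soft, self.hard))
        self._next_spi += 1

    def tick(self, now):
        # Hard expire first: the old SA is removed outright.
        self.sas = [sa for sa in self.sas if now < sa.created + sa.hard]
        # Soft expire: negotiate one replacement, keep the old SA linked.
        for sa in list(self.sas):
            if not sa.rekeyed and now >= sa.created + sa.soft:
                sa.rekeyed = True
                self._negotiate(now)

    def outbound(self, now):
        """Return the SPI used for a packet matching this policy at `now`."""
        self.tick(now)
        if not self.sas:              # SPD1 ---- NULL: ask IKE for a first SA
            self._negotiate(now)
        return self.sas[0].spi        # oldest live SA is used until hard expire

def trace(times, soft=60, hard=100):
    """Send one matching packet at each time; record (time, SPI used, linked SPIs)."""
    p = Policy("SPD1", soft, hard)
    return [(t, p.outbound(t), [sa.spi for sa in p.sas]) for t in times]

if __name__ == "__main__":
    for t, used, linked in trace([0, 30, 70, 99, 100]):
        print(f"t={t:3d}  use={used:#x}  linked={[hex(s) for s in linked]}")
```
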