TIME OUT value
Hi, All
From section 5.1 of RFC 2408:
   1. Set a timer and initialize a retry counter.

      NOTE: Implementations MUST NOT use a fixed timer. Instead,
      transmission timer values should be adjusted dynamically based on
      measured round trip times. In addition, successive
      retransmissions of the same packet should be separated by
      increasingly longer time intervals (e.g., exponential backoff).

   2. If the timer expires, the ISAKMP message is resent and the retry
      counter is decremented.

   3. If the retry counter reaches zero (0), the event, RETRY LIMIT
      REACHED, MAY be logged in the appropriate system audit file.

   4. The ISAKMP protocol machine clears all states and returns to
      IDLE.
--------------------
My question is what are the minimum and maximum TIMEOUT values?
Is there any guideline for this?
I see a problem when one of the gateways has a small TIMEOUT value and
the other gateway takes quite a good amount of time to calculate the DH
or RSA. The one with a small TIMEOUT value might go to step 4 easily.
-thanks in advance
-ramana
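
The four quoted steps as a small timer model, added here as an example; it is not part of the original message and not taken from RFC 2408, which gives no numeric values. The floor, ceiling and retry count are assumed values, and the RTT smoothing is borrowed from TCP (RFC 6298).

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class RetransmitTimer:
    """Timer state for one outstanding ISAKMP message (steps 1-4 above)."""
    min_timeout: float = 1.0   # assumed floor in seconds; RFC 2408 gives none
    max_timeout: float = 30.0  # assumed ceiling in seconds
    retries: int = 4           # assumed initial retry counter
    srtt: Optional[float] = None  # smoothed round trip time, once measured
    rttvar: float = 0.0
    backoff: int = 0

    def observe_rtt(self, sample: float) -> None:
        """Fold in a measured round trip (TCP-style smoothing, RFC 6298)."""
        if self.srtt is None:
            self.srtt, self.rttvar = sample, sample / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - sample)
            self.srtt = 0.875 * self.srtt + 0.125 * sample

    def timeout(self) -> float:
        """Current wait: RTT-derived base, doubled per retry, clamped."""
        base = self.min_timeout
        if self.srtt is not None:
            base = max(base, self.srtt + 4 * self.rttvar)
        return min(base * 2 ** self.backoff, self.max_timeout)

    def on_expiry(self) -> str:
        """Steps 2-4: decrement the counter, then resend or give up."""
        self.retries -= 1
        if self.retries <= 0:
            return "IDLE"      # RETRY LIMIT REACHED, state is cleared
        self.backoff += 1
        return "RESEND"

def schedule(timer: RetransmitTimer) -> List[float]:
    """Every wait the timer goes through before returning to IDLE."""
    waits = []
    while True:
        waits.append(timer.timeout())
        if timer.on_expiry() == "IDLE":
            return waits

def tolerates(timer: RetransmitTimer, peer_delay: float) -> bool:
    """True if a reply arriving after peer_delay seconds still beats step 4."""
    return sum(schedule(timer)) >= peer_delay

if __name__ == "__main__":
    print(schedule(RetransmitTimer()))                       # default floor
    print(tolerates(RetransmitTimer(0.25, retries=3), 2.0))  # impatient peer
```

Summing the schedule gives the total time a gateway waits before step 4, which is the figure to compare against the peer's worst-case DH or RSA computation time.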