
TIME OUT value



Hi, All
From section 5.1 of RFC 2408:

    1.  Set a timer and initialize a retry counter.

        NOTE: Implementations MUST NOT use a fixed timer.  Instead,
        transmission timer values should be adjusted dynamically based on
        measured round trip times.  In addition, successive
        retransmissions of the same packet should be separated by
        increasingly longer time intervals (e.g., exponential backoff).

    2.  If the timer expires, the ISAKMP message is resent and the retry
        counter is decremented.

    3.  If the retry counter reaches zero (0), the event, RETRY LIMIT
        REACHED, MAY be logged in the appropriate system audit file.

    4.  The ISAKMP protocol machine clears all states and returns to
        IDLE.
--------------------


My question is what are the minimum and maximum TIMEOUT values?
Is there any guideline for this?

I see a problem when one of the gateways has a small TIMEOUT value and
the other gateway takes quite a good amount of time to calculate the DH
or RSA. The one with a small TIMEOUT value might go to step 4 easily.


-thanks in advance
-ramana
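
The retransmission procedure quoted above from RFC 2408 section 5.1, worked through as an added example (not part of the original message and not taken from any IKE implementation). The floor, ceiling, retry count and initial timeout are assumed values, since the quoted text gives none, and the RTT smoothing is borrowed from the TCP estimator in RFC 6298.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RetransmitTimer:
    """Timer state for steps 1-4. Every numeric default is an assumption."""
    min_timeout: float = 0.5   # assumed floor in seconds
    max_timeout: float = 30.0  # assumed ceiling in seconds
    retries: int = 5           # assumed initial retry counter
    srtt: Optional[float] = None
    rttvar: float = 0.0

    def observe_rtt(self, rtt: float) -> None:
        """Fold one measured round trip into the estimate (RFC 6298 weights)."""
        if self.srtt is None:
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - rtt)
            self.srtt = 0.875 * self.srtt + 0.125 * rtt

    def base_timeout(self) -> float:
        """Dynamic timer value, clamped so a fast link cannot shrink it to ~0."""
        raw = 1.0 if self.srtt is None else self.srtt + 4 * self.rttvar
        return min(max(raw, self.min_timeout), self.max_timeout)

    def schedule(self) -> list:
        """One interval per retry-counter decrement, doubled each time."""
        interval, out = self.base_timeout(), []
        for _ in range(self.retries):
            out.append(min(interval, self.max_timeout))
            interval *= 2
        return out

def outcome(timer: RetransmitTimer, peer_delay: float) -> tuple:
    """peer_delay: seconds from first transmission until the peer's reply
    arrives (its DH/RSA computation plus the round trip).
    Returns (result, timer expiries that occurred before the result)."""
    elapsed = 0.0
    for expiries, interval in enumerate(timer.schedule()):
        elapsed += interval
        if peer_delay <= elapsed:
            return ("REPLY", expiries)
    # Step 3: counter hit zero; step 4: clear state and return to IDLE.
    return ("RETRY LIMIT REACHED", timer.retries)

if __name__ == "__main__":
    for floor in (0.1, 0.5):
        t = RetransmitTimer(min_timeout=floor)
        t.observe_rtt(0.05)  # constructed sample: 50 ms link
        print(floor, t.schedule(), outcome(t, 5.0))  # peer needs 5 s
```

With the same 50 ms link and a peer that needs 5 seconds, the 0.1 s floor exhausts its retries after about 4.65 s, while the 0.5 s floor is still waiting when the reply arrives.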