[vpn-help] Timeouts?
kevin shrew-vpn
klmlk at hotmail.com
Sat Jul 10 22:29:31 CDT 2010
On Sat, 10 Jul 2010 21:58:04 -0500
Matthew Grooms <mgrooms at shrew.net> wrote:
> In any case, there are no messages exchanged between peers when an SA
> expires. That's why its important to make sure the lifetime matches
> on both ends. Otherwise when an SA is expired by one peer, the other
> peer may still attempt to use that SA to protect an important message
> or IPsec traffic. When this happens, communication obviously breaks
> down.
>
I thought it was negotiated as part of the connection! Matching the
timeouts may actually help solve a problem I've been having for a
long time. Thanks for taking the time to write the long explanation!
More information about the vpn-help
mailing list