Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
900
Views
0
Helpful
2
Replies

IPSEC lifetime negotiations

sandevsingh
Level 1
Level 1

‎04-12-2009 11:52 PM - edited ‎02-21-2020 04:12 PM

Hi, when the SA lifetime-negogation expires, and a new SA is formed so does it start from the very beginning i.e first IKE-phase1 (Main mode) and then Phase 2(quick mode) or is it just that phase 2 is re-negotiated?

What is the default behavior without using PFS?

Labels:
0 Helpful
2 Replies 2

Ivan Martinon
Level 7
Level 7

‎04-13-2009 07:06 AM

The devices should only negotiate a new phase 2 key leaving the IKE phase intact, only when IKE goes down is when you will recreate both phases from scratch.

0 Helpful

sandevsingh
Level 1
Level 1
In response to Ivan Martinon

‎04-14-2009 08:34 AM

Thanks.

0 Helpful
Customers Also Viewed These Support Documents