
SA Lifetime

gdelpanta
Level 1

In VPN 3000, under IKE Proposals (Configuration | Tunneling and Security | IPSec | IKE Proposals), I can configure SA Lifetime. The online Help says: "This parameter specifies how to measure the lifetime of the IKE SA keys, which is how long the IKE SA lasts until it expires and must be renegotiated with new keys. It is used with the Data Lifetime or Time Lifetime parameters"

Under Security Association Configuration (Configuration | Policy Management | Traffic Management | Security Association), I have the same parameter with the same online Help description: "This parameter specifies how to measure the lifetime of the IKE SA keys, which is how long the IKE SA lasts until it expires and must be renegotiated with new keys. It is used with the Data Lifetime or Time Lifetime parameters"

Now the question.

Is it correct to say that IKE SA lifetime refers to the lifetime of the IKE SA and to the duration of the symmetric keys, and that SA lifetime refers to the lifetime of the single unidirectional IPSEC SA?

What happens when the IKE SA lifetime expires?

What happens when the IPSEC SA lifetime expires?

Thank you.

1 Reply

Patrick Laidlaw
Level 4

Hello,

If I remember correctly, if the IKE SA lifetime expires and the keys are renegotiated and there isn't any traffic passing at the time, the IPSEC SA shouldn't be affected. If the IPSEC tunnel SA expires, it should renegotiate as long as the IKE SA is up.

Someone correct me if I'm wrong.

Patrick
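
The behaviour described in the reply above, as a simplified model (an added example, not part of either post and not Cisco code): the IKE SA has a time lifetime, the IPsec SA has a time lifetime and a data lifetime, and each is renegotiated on its own schedule. The class and function names, the lifetime values and the timeline are constructed for illustration, and expiry is only checked at each timeline entry.

```python
from dataclasses import dataclass


@dataclass
class SA:
    """One security association (hypothetical model, not a device API)."""
    born: int             # creation time in seconds
    max_seconds: int = 0  # 0 means the time lifetime is not measured
    max_kbytes: int = 0   # 0 means the data lifetime is not measured
    kbytes: int = 0       # traffic protected by this SA so far

    def expired(self, now: int) -> bool:
        by_time = self.max_seconds > 0 and now - self.born >= self.max_seconds
        by_data = self.max_kbytes > 0 and self.kbytes >= self.max_kbytes
        return by_time or by_data


def simulate(timeline, ike_seconds, ipsec_seconds, ipsec_kbytes):
    """timeline: (time_s, kbytes_sent) entries; kbytes 0 is an idle check.
    Returns the renegotiation events as (time_s, description) tuples."""
    events = []
    ike = SA(born=0, max_seconds=ike_seconds)
    ipsec = SA(born=0, max_seconds=ipsec_seconds, max_kbytes=ipsec_kbytes)
    for now, kbytes in timeline:
        if ike.expired(now):
            # New IKE SA with new keys; the existing IPsec SA is left alone.
            ike = SA(born=now, max_seconds=ike_seconds)
            events.append((now, "IKE SA renegotiated"))
        if ipsec.expired(now):
            # The IKE SA is up at this point, so it negotiates a new IPsec SA.
            ipsec = SA(born=now, max_seconds=ipsec_seconds,
                       max_kbytes=ipsec_kbytes)
            events.append((now, "IPsec SA renegotiated"))
        ipsec.kbytes += kbytes
    return events


# Constructed timeline: (seconds since tunnel start, kilobytes sent).
TIMELINE = [(0, 100), (300, 300), (600, 0), (700, 200),
            (750, 50), (1200, 0), (1750, 10)]

if __name__ == "__main__":
    for when, what in simulate(TIMELINE, ike_seconds=600,
                               ipsec_seconds=1000, ipsec_kbytes=500):
        print(f"t={when:>5}s  {what}")
```

At t=600 only the IKE SA is renegotiated while the IPsec SA carries on; at t=750 the IPsec SA is replaced because of its data lifetime, and at t=1750 because of its time lifetime.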