10-20-2022 08:33 AM
Hello
The following question is just for understanding.
Does a VPN tunnel collapse or abort briefly when the IKE lifetime has expired?
With IPsec SA, the lifetimes are required for rekeying. Is that correct?
Thanks Martin
10-20-2022 08:39 AM
Does a VPN tunnel collapse or abort briefly when the IKE lifetime has expired? No, because both sides choose one lifetime.
With IPsec SA, the lifetimes are required for rekeying. Is that correct? Yes, when the IPsec SA lifetime ends, both peers start a phase 2 rekey exchange for a new key.
10-20-2022 08:57 AM
@Marco Serato no, the VPN tunnel does not collapse when the IKE SA lifetime expires. Dataplane traffic over the VPN uses the IPsec SA, not the IKE SA.
10-20-2022 08:56 AM
After the IKE Lifetime has expired, is there only one rekeying or is there more to it?
10-20-2022 09:06 AM
It depends on whether you configure per-host.
Then there is a rekey for each host in the ACL subnet.
If not, then there is only one rekey.
10-20-2022 12:45 PM
Is the rekeying not based on the Diffie Hellman algo?
10-20-2022 12:45 PM
Many thanks for the answers.
In IKEv2 the IKE lifetime must be the same, but the SA lifetime can be different. Am I correct?
10-20-2022 12:51 PM
@Marco Serato no, with IKEv2 the configured lifetimes do not need to be identical. If the two peers have different lifetime policies, the end with the shorter lifetime will end up always being the one to request the rekeying.
10-21-2022 02:03 AM
I think you are confused about the two lifetimes in IPsec; check the link above for more info.