Hi all, This is something I thought would be really easy to research but I've come up empty. I got kinda bogged in a sea of RFCs, draft proposals and JUNOS documentation.
We have about 110 WAN routers configured in a partial mesh of IPsec tunnels. I want to modify the SA lifetime value in both the IKE (phase 1) and IPsec (phase 2) proposals. I'll be automating the config push to make this happen - so it should roll out fairly quickly - but what happens if, by chance, a SA needs to be renegotiated *during* my change window, and peer "A" has the new lifetime value and peer "B" has the old lifetime value? I'm trying to understand the behaviour for both phases. We're running JUNOS 10.0 (R3 and R4, if it matters). I'm hoping for an answer along the lines of "the peers will negotiate seamlessly and without tearing down SAs" :-) If it's inconclusive, I guess I'll lab it up. Cheers, Dale _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp