On Thu, Oct 14, 2021 at 01:22:51PM -0400, Paul Wouters wrote: > On Thu, 14 Oct 2021, Kontakt wrote: > > > I want to set up the ikev1 tunnel, where the other party expects from me > > the parameter > > "crypto map set security-association lifetime kilobytes 4608000" - I do not > > see this parameter in the configuration. the changelog doesn't mention this > > either. Can I ask for help in its configuration? on the other side I > > believe is cisco / ace > > This functionality is not available but should make it in the next > release. > > Note however, that lifetimes are not negotiated. Either side configured > it, and whenever a side deems the maximum is reached, it is up to them > to initiate a rekey or reauthentication. So this option is at least not > preventing you from establishing an IPsec connection. > > Note also that 4.6MB is a very small amount of traffic if this lifetime > is associated with ESP. For IKE it might be okay, but a little strange > to specify.
4608000 kilobytes is 4.6GB so not terribly small. -- Len Sorensen _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
