On Sat, 10 Jul 2010 21:58:04 -0500 Matthew Grooms <[email protected]> wrote:
> In any case, there are no messages exchanged between peers when an SA > expires. That's why its important to make sure the lifetime matches > on both ends. Otherwise when an SA is expired by one peer, the other > peer may still attempt to use that SA to protect an important message > or IPsec traffic. When this happens, communication obviously breaks > down. > I thought it was negotiated as part of the connection! Matching the timeouts may actually help solve a problem I've been having for a long time. Thanks for taking the time to write the long explanation! _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
