When the Isakmp Sa rekeying takes place, does the Asa drop all current connections? Do the connections get dropped when the Ipsec Sa lifetime expires? And, one more, is there a standard design philosoply regarding the Isakmp Sa lifetime and the Ipsec Sa lifetime? Hope not too may ?'s for one post. Thanks.