Hi folks -
I've been reading up on IPSEC and understand most of the concepts, but there are a few for which I am still a little unsure. I would appreciate if I could get a little more clarification on the concepts below.
1.) IPSEC over TCP versus IPSEC over UDP. From what I know, TCP option encapsulates the IPSEC packet using TCP and the UDP option encapsulates the IPSEC packet using UDP. TCP by default uses port 10000 and UDP uses port 4500. But what are the benefits of using TCP as opposed to using UDP? I know TCP is more reliable than UDP, but is that the only benefit?
2.) When you specify ISAKMP phase 1 parameters for a VPN tunnel, what is the purpose of the "group" setting? Also, howcome there is no group setting for phase 2?
3.) Lifetime setting for ISAKMP phase 1 parameters. By default, lifetime setting is 86400 seconds (24 hrs.). So does this mean that the SA will be up for 24 hours even if there is no interesting traffic being sent across the tunnel? If I configure the cryptop isakmp keepalive for 300 seconds (5 min), and no response is received within 5 minutes, does this mean the SA will be teared down?
Thanks for your help.