IPSEC lifetime negotiations

Apr 12th, 2009

Hi, when the SA lifetime negotiation expires and a new SA is formed, does it start from the very beginning, i.e. first IKE phase 1 (Main mode) and then Phase 2 (quick mode), or is it just that phase 2 is re-negotiated?

What is the default behavior without using PFS?

Ivan Martinon (Cisco Employee) Mon, 04/13/2009 - 07:06

The devices should only negotiate a new phase 2 key, leaving the IKE phase intact; only when IKE goes down will you recreate both phases from scratch.
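
The two lifetimes discussed above are configured separately on Cisco IOS, which is why a phase 2 rekey does not touch the IKE SA. The following configuration fragment is an added example, not part of the original thread; the peer address, subnets, interface and all `EXAMPLE-*` names are assumptions, and the pre-shared key is a placeholder.

```cisco
! Phase 1 (IKE/ISAKMP) SA: has its own lifetime, independent of phase 2.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 ! 86400 seconds (24 h) is the IOS default for the IKE SA.
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
!
! Phase 2 (IPsec) SA lifetime: whichever limit is hit first triggers a
! quick mode rekey. 3600 s / 4608000 KB are the IOS defaults.
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
!
crypto ipsec transform-set EXAMPLE-TS esp-aes 256 esp-sha-hmac
!
ip access-list extended EXAMPLE-VPN-ACL
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set EXAMPLE-TS
 match address EXAMPLE-VPN-ACL
 ! Without "set pfs", quick mode derives the new IPsec keys from the
 ! existing phase 1 keying material. With it, every phase 2 rekey runs
 ! a fresh Diffie-Hellman exchange, still inside the existing IKE SA.
 set pfs group14
!
interface GigabitEthernet0/0
 crypto map EXAMPLE-MAP
!
! Verification (exec mode):
!   show crypto isakmp sa   <- phase 1 SA should stay up across rekeys
!   show crypto ipsec sa    <- "remaining key lifetime (k/sec)" counts
!                              down, then new SPIs appear after rekey
```

Both peers should agree on PFS: if only one side sets it, the quick mode proposal can be rejected at rekey time.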

