In VPN 3000 under IKE Proposals (Configuration| Tunneling and Security | IPSec |IKE Proposals) i can configure SA Lifetime. In the Help on line is written: "This parameter specifies how to measure the lifetime of the IKE SA keys, which is how long the IKE SA lasts until it expires and must be renegotiated with new keys. It is used with the Data Lifetime or Time Lifetime parameters"
Under Security Association Configuration (Configuration|Policy Management|Traffic Management| Security Association) i have the same parameter with the same Help on line description: "This parameter specifies how to measure the lifetime of the IKE SA keys, which is how long the IKE SA lasts until it expires and must be renegotiated with new keys. It is used with the Data Lifetime or Time Lifetime parameters"
Now the question.
It correct to say that IKE SA lifetime refer to lifetime of IKE SA and is the refer to the duration of Simmetric Keys, and SA liftime refer to lifetime of the single unidirectional IPSEC SA ?
If I remember correctly if the IKE SA liftime expires and the keys are renegotiated and there isn't any traffic passing at the time the IPSEC SA shouldn't be effected. If the IPSEC tunnel SA expires it should renegotiate as long as the IKE SA is up.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...