[Users] about FreeS/Wan timer events

From: zheng jing yan (jy_zheng_at_powermatic.com.sg)
Date: Thu Oct 03 2002 - 10:57:22 CEST

• Next message: Kaustubh.Kumbhalkar_at_lntinfotech.com: "RE: [Users] Starting IPsec6"
• Previous message: Tarun Bajaj: "[Users] Patch for aggressive mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have some questions about FreeS/Wan timer events

I have established an ESP tunnel between two gateway.
And I set the ISAKMP SA life time to 1100 seconds.
IPSEC SA life time to 2200 seconds.rekey_margin is 540 seconds.
After the tunnel is established.
The timer event is like follows:

1.EVENT_SA_REPLACE after 560 seconds.-- the ISAKMP SA life time.
2.EVENT_SA_REPLACE after 1660 seconds.-- the IPSEC SA life time.

after 560 seconds passed. The ISAKMP is replaced.And the IPSEC SA
should also be replaced.
now the timer event should be like this:

1.EVENT_SA_EXPIRE after 540 seconds.-- the first ISAKMP SA expires.
2.EVENT_SA_REPLACE after 560 seconds.-- the second ISAKMP SA life time.
3.EVENT_SA_REPLACE after 1100 seconds.-- the first IPSEC SA life time.
4.EVENT_SA_REPLACE after 1660 seconds.-- the second IPSEC_SA life time.

Is that right? If that is right.I am very confused.
Because after 540 seconds the first ISAKMP SA expires and the connection
will be deleted.So the tunnel can not be used until 20 seconds later the
EVENT_SA_REPLACE will reconnect the tunnel.I think this is not correct.
Can you explain this to me? Thank you very much.

Jing Yan

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Kaustubh.Kumbhalkar_at_lntinfotech.com: "RE: [Users] Starting IPsec6"
• Previous message: Tarun Bajaj: "[Users] Patch for aggressive mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Oct 04 2002 - 05:20:19 CEST