Hello,

My current understanding is that the TEK pushed down to GMs in GETVPN is based on the IPSEC transform-set / profile configured on the KS. Under the IPSEC profile we can set the SA lifetime in seconds. At the same time, we can set the rekey time in seconds under the GDOI configuration. I am a little confused on this topic because to me on the surface it seems like the same thing. What is the difference between the IPSEC SA lifetime and the rekey lifetime?

I get that after x amount of time the SA keys need to be refreshed. Is that after the SA lifetime expires, or after the rekey time expires?

--
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
