Both are different. Rekey time is used by KS to sends SAs regular. Now this is the role of KS.
Now let's say the multicasting tree is not working and GMs are not getting updates, so what will happen? When IPSec SAs is going to expire, the GMs will re-register. With regards Kings On Mon, Mar 19, 2012 at 8:15 PM, Joe Astorino <[email protected]>wrote: > I think I figured it out after doing some more reading. I am pretty > certain that the TEK lifetime is the same thing as the IPSEC SA > lifetime configured under the IPSEC profile, but the rekey configured > under the GDOI configuration is actually just for the KEK lifetime. > Correct me if I am wrong please and thank you! > > On Mon, Mar 19, 2012 at 10:20 AM, Joe Astorino > <[email protected]> wrote: > > Hello, > > > > My current understanding is that the TEK pushed down to GMs in GETVPN > > is based on the IPSEC transform-set / profile configured on the KS. > > Under the IPSEC profile we can set the SA lifetime in seconds. At the > > same time, we can set the rekey time in seconds under the GDOI > > configuration. I am a little confused on this topic because to me on > > the surface it seems like the same thing. What is the difference > > between the IPSEC SA lifetime and the rekey lifetime? > > > > I get that after x amount of time the SA keys need refreshed. Is that > > after the SA lifetime expires, or after the rekey time expires? > > > > -- > > Regards, > > > > Joe Astorino > > CCIE #24347 > > http://astorinonetworks.com > > > > "He not busy being born is busy dying" - Dylan > > > > -- > Regards, > > Joe Astorino > CCIE #24347 > http://astorinonetworks.com > > "He not busy being born is busy dying" - Dylan > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
