Hi Tobias, In my case, the IKE SA rekey time was 300s and IPsec SA rekey time was 3600s.
However, once I hit the scenario, the system remains in that state: * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec SAs are created. Should the system not recover on next IKEv1 rekey? * IPsec rekey timer is probably not of any use since IPsec SAs are not present. Thanks, Manju On Wed, Dec 12, 2018 at 12:57 AM Tobias Brunner <[email protected]> wrote: > Hi Manju, > > > However, are there known issues with IKEv1 with short rekey timers and > > how does IKEv2 overcome this problem? > > IKEv1 has no exchange collision handling, so if both ends rekey > concurrently, all bets are off, IKEv2 has (except for reauthentication, > so use regular rekeying to avoid problems). > > Regards, > Tobias >
