Please provide some additional info for the trap policies. In our scenario, on the IKEv1 rekey collision, we are losing the child-sas and it never gets created again. Are the trap-policies, some configuration or settings. Anything specific to child-sas we need to set?
thanks, Manju On Sun, Dec 16, 2018 at 11:56 PM Tobias Brunner <[email protected]> wrote: > Hi Manju, > > > * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec > > SAs are created. Should the system not recover on next IKEv1 rekey? > > No, IKE rekeying does not affect CHILD_SAs. > > > * IPsec rekey timer is probably not of any use since IPsec SAs are not > > present. > > Yep. > > You could use trap policies to (re-)create CHILD_SAs automatically if > they get closed for some reason. > > Regards, > Tobias >
