On 14/10/2010 16:26, Erik Norgaard wrote:
Hi:

I'm up against configuring a number of different systems with host-host IPSec AH-only. The systems use different versions of racoon.

Questions:

- Must the key lifetime be the same in both ends?

In theory both ends are supposed to negotiate and select the smallest lifetime between the hosts. Reality is quite different: there are as many implementations of IPSec as there are devices implementing it, or close. And connecting in IPSec with a Cisco or a Checkpoint can be quite tedious. My opinion: avoid unnecessary headaches, put the same lifetime on both ends.

- Can key lifetime be configured per host-host connection?
Yes.

Jerome Herman


Thanks, Erik
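
A racoon.conf sketch of per-peer lifetimes with the same values intended for both ends, added here as an example and not taken from either poster's configuration. The addresses (documentation ranges), algorithms, lifetime values and the pre-shared-key path are assumptions; each peer would carry the matching block with the sainfo addresses swapped.

```conf
# Constructed example: local host 192.0.2.1, peers 192.0.2.10 and 192.0.2.20.
# All values are assumptions; pick algorithms every racoon version involved supports.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# Peer A: phase 1 (IKE SA) settings apply to this peer only.
remote 192.0.2.10 {
    exchange_mode main;
    proposal_check exact;      # optional: as responder, reject a phase 2 lifetime that differs from ours
    lifetime time 24 hour;     # phase 1 lifetime, same value configured on 192.0.2.10
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp2048;
    }
}

# Peer A: phase 2 (IPsec SA) lifetime for this host pair only.
sainfo address 192.0.2.1 any address 192.0.2.10 any {
    pfs_group modp2048;
    lifetime time 1 hour;      # same value configured on 192.0.2.10
    encryption_algorithm aes;  # applies to ESP only; the kernel SPD policy (setkey) selects AH
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

# Peer B: a different host pair with its own, shorter lifetimes.
remote 192.0.2.20 {
    exchange_mode main;
    proposal_check exact;
    lifetime time 8 hour;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp2048;
    }
}

sainfo address 192.0.2.1 any address 192.0.2.20 any {
    pfs_group modp2048;
    lifetime time 30 min;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```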



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions