On Thu, 11 Apr 2013, Tero Kivinen wrote:
> Not with IKEv2.
> If the IKE SA lifetime is gone, then you REKEY the IKE SA. This cannot
> cause INITIAL_CONTACT notifications. Also, when the IKE SA is expired or
> deleted, all the IPsec SAs are also deleted automatically, so there is
> also no problem for INITIAL_CONTACT.

Understood. I'll re-read the RFCs before implementing this for IKEv2.

> Your implementation will prevent that from working.

We have an option to choose this behaviour, uniqueids=yes|no (default yes)

Paul
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec