> -----Original Message-----
> From: dug [mailto:d...@xgs-france.com]
> Sent: Monday, 19 January 2009 17:44
> To: Hans-Joerg Hoexer
> Cc: Christoph Leser; misc@openbsd.org
> Subject: Re: Cisco IPSec Security Association Idle Timers and isakmpd
>
>
> On 19 Jan. 09 at 17:37, Hans-Joerg Hoexer wrote:
>
> > Hi,
> >
> > On Mon, Jan 19, 2009 at 04:56:25PM +0100, Christoph Leser wrote:
> >>
> >> I noticed that the cisco end of a VPN I configured on my openBSD
> >> sends a DELETE message after a certain amount of idle time.
> >
> > Which SAs get deleted? isakmp, ipsec or both?
> >
> > HJ.
> >
> >
> >
> When you execute netstat -rn, do you always see the SA on your
> OpenBSD, after DELETE message has been sent?
>
>

I cannot tell for sure. Most DELETE messages come in after a new SA has been established, so you would expect to see the SA in netstat output, wouldn't you?
I would say that I see the SA when only IPSEC is DELETED, but no SA when IPSEC and ISAKMP are deleted.