All,
Hopefully this is a quick answer for someone?
When we set up a tunnel, we have to specify a DH group along with the
acceptable encryption and authentication algorithms for the IKE_SA
(e.g. aes-sha-modp1024!).
Is DH re-negotiated every time we rekey the IKE_SA?
Also, when we set up a
In this case, I believe that it is always us (the client) that
initiates rekeying. So, by proposing aes-sha1-modp1024,aes-sha1!,
you could say that we are giving the SeGW a choice of whether it wants
us to perform a DH or non-DH CHILD_SA rekey?
It should work. The client will always