Hi Eric,
Does "<conn>.reauth_time” and leaving “break_before_make” alone force a reauth and certificate validity check on IKE/ISAKMP from non-cached crl’s?
Could you please clarify your question (e.g. why do you mention break_before_make in this context? what do you mean with "from non-cached CRLs"? are you considering setting reath_time on the client or the server - and with what type of authentication/config? why do you mention ISAKMP, are you actually considering using IKEv1?).
Regards, Tobias
