Thank you Tobia, and Martin. It is good to know the identifier is unique.
I have a couple more related questions. Is it possible to have multiple CHILD_SA under the same IKE_SA? Is it possible to have multiple CHILD_SA with different connection <NAME> under the same IKE_SA?

The reason I am asking is that I want to know if it is possible to delete IKE_SA, with CHILD_SA identifier. That is, if a CHILD_SA identifier is "n", can I use "ipsec down [n]" to delete the associated IKE_SA?

I appreciate your help in advance.

Jordan.

On Thu, Nov 8, 2012 at 12:18 AM, Martin Willi <[email protected]> wrote:
> Hi Jordan,
>
> > I appreciate if anyone could explain to me whether IKE_SA connection
> > instance # is unique within the entire IKE_SA list?
>
> Yes, they are, except for rekeyings. Each new IKE_SA gets an incremented
> unique identifier, but a rekeyed IKE_SA that replaces an old IKE_SA
> reuses the identifier of the replaced IKE_SA.
>
> > I also have the same question for CHILD_SA. Is the instance ID unique
> > within the entire IPsec SA list?
>
> Yes, but the same about rekeyings applies.
>
> Regards
> Martin
