On 4/9/2011 5:23 PM, Mark Larwill wrote:
> On the Shrew website one of the known issues listed is:
> "Will negotiate but not honor lifetime kilobytes for SAs"
> I have a few questions about this:
> Is there any more detailed information about what this means?
> Does this apply for both phase-1 and phase-2?
> What happens if "Key Life Data Limit" values are set in the user interface?
> Are there any known problems that can occur as a result of this limitation?
The life bytes parameter was added because some gateway configurations
will only negotiate with a peer if they supply the parameter. The client
does not enforce the life byte restriction. This means that you could
potentially encounter a situation where the peer thinks the SA has
expired (due to the life bytes max being reached) but the local client
still thinks it's valid.
-Matthew
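
The mismatch described in the reply above can be modelled in a few lines. This is an added illustration, not code from the Shrew Soft client or from this thread. The `SaView` class, the `simulate` function, the constant traffic rate, and the assumption that the gateway silently drops traffic on an SA it considers expired are all hypothetical.

```python
from dataclasses import dataclass


@dataclass
class SaView:
    """One peer's view of a negotiated SA (hypothetical model)."""
    life_seconds: int
    life_kbytes: int
    enforce_kbytes: bool  # False models a client that negotiates but ignores the limit
    bytes_seen: int = 0

    def expired(self, now: int) -> bool:
        if now >= self.life_seconds:
            return True
        return self.enforce_kbytes and self.bytes_seen >= self.life_kbytes * 1024


def simulate(life_seconds: int, life_kbytes: int, bytes_per_second: int):
    """Step one second at a time over the SA's time lifetime.

    Returns (second at which the two views first disagree or None,
             bytes the client sent on an SA the gateway had already expired).
    """
    client = SaView(life_seconds, life_kbytes, enforce_kbytes=False)
    gateway = SaView(life_seconds, life_kbytes, enforce_kbytes=True)
    desync_at, dropped = None, 0
    for now in range(life_seconds):
        if client.expired(now):
            break
        client.bytes_seen += bytes_per_second   # client keeps sending
        if gateway.expired(now):                # assumption: gateway drops it
            if desync_at is None:
                desync_at = now
            dropped += bytes_per_second
        else:
            gateway.bytes_seen += bytes_per_second
    return desync_at, dropped


if __name__ == "__main__":
    # Constructed values: 1 hour lifetime, 1000 KB limit, 10 KB/s of traffic.
    print(simulate(3600, 1000, 10240))
    # Same SA at 100 B/s: the byte limit is never reached before the time limit.
    print(simulate(3600, 1000, 100))
```

When the first returned value is not `None`, the byte limit is reached before the time limit at that traffic rate, which is the condition under which the two peers can disagree about the SA.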