[Openswan dev]
Re: [Openswan Users] Regarding the life time for IKE SA and IPsec
SA (fwd)
Paul Wouters
paul at xelerance.com
Mon Jan 16 19:32:58 CET 2006
---------- Forwarded message ----------
Date: Mon, 16 Jan 2006 19:09:46 +0100 (CET)
From: Paul Wouters <paul at xelerance.com>
Cc: dev at oenswan.org, users at openswan.org
To: Shi Lang <shilang at greenpacket.com>
Subject: Re: [Openswan Users] Regarding the life time for IKE SA and IPsec SA
On Mon, 16 Jan 2006, Shi Lang wrote:
> Subject: [Openswan Users] Regarding the life time for IKE SA and IPsec SA
>
> Hi all,
>
> Regarding the life time for IKE SA and IPsec SA, openswan seems that the
> default values are:
>
> IKE sa: 1 hour
> IPsec sa: 8 hour
>
> But when I refer to other document, even like Microsoft ipsec, the default
> values are:
>
> IKE sa: 8 hour
> IPsec sa: 1 hour
>
> Wonderring who is right?
I think either is allowed by the RFC. Perhaps Michael or Hugh remember why these
choices were made?
Paul
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
More information about the Dev
mailing list