[Openswan Users] Regarding the life time for IKE SA and IPsec
SA
Paul Wouters
paul at xelerance.com
Mon Jan 16 19:09:46 CET 2006
On Mon, 16 Jan 2006, Shi Lang wrote:
> Subject: [Openswan Users] Regarding the life time for IKE SA and IPsec SA
>
> Hi all,
>
> Regarding the life time for IKE SA and IPsec SA, openswan seems that the
> default values are:
>
> IKE sa: 1 hour
> IPsec sa: 8 hour
>
> But when I refer to other document, even like Microsoft ipsec, the default
> values are:
>
> IKE sa: 8 hour
> IPsec sa: 1 hour
>
> Wonderring who is right?
I think either is allowed by the RFC. Perhaps Michael or Hugh remember why these
choices were made?
Paul
More information about the Users
mailing list