No subject


Fri Jul 20 08:04:52 EDT 2012


openswan chooses to renew the IPsec SA first (sometimes it chooses ISAKMP, but
I can almost always reproduce the issue with lifetime=300 seconds). I
guess the new IPsec would use the old ISAKMP, and when the ISAKMP SA is
renewed, it seems the router would delete the old IPsec, which results in
lost connectivity.

But the same thing cannot be reproduced with a Cisco router, even though the log
is almost the same (IPsec first, then ISAKMP).

Whether DPD is enabled or not doesn't affect this issue.

I've been bothered by this issue for several days. Can anyone shed
some light on it?

Thanks!

--Sheng

