Tore Anderson <tore@...> writes:
> * VANHULLEBUS Yvan
> > I guess we should simply discard anything related to lifebyte, but I'm
> > not sure it won't cause problems with some peers that set up a value
> > for lifebyte...
> > Did your peer really sent a proposal with a lifebyte of 4,5 Mb, or is
> > this another lifebyte related bug/issue/problem on ipsec-tool's side ?
> > And was your peer an ipsec-tools's racoon (in which version ?) or
> > "something else" ?
> The peer is a Cisco ASA with OS version 7.2.2, and it really did
> propose a lifebyte of 4.5 MB. According to my client it's not possible
> to disable this completely. I'm using racoon 0.7-beta3.
> However I'm more concerned about the racoon part of the log message.
> If racoon proposes a lifebyte of 2GB, but sets up the IPSEC SAs without
> any lifebyte, won't that cause the peer to expire tose SAs prematurely
> if 2GB is transferred before the lifetime has elapsed? And won't that
> cause connectivity problems?
> I think this might have been the trouble I had speaking to this
> device. At apparantly random intervals the Cisco would send me a
> delete SA notification (delete SA didn't work with 0.6.6 so
> connectivity was interrupted). I believe that was due to the 4.5 MB
> limit being hit, the Cisco apparantly thought we'd agreed to such a
Searching for a solution of my problem, I found your question about set a
lifebyte in racoon. Aparently my problem is the same - my Peer: racoon - my
partner peer CISCO, and the log: [racoon: ERROR: lifebyte mismatched:
my:2147483647 peer:0 ]
Did you find some way to solve this problem ? Or to set the lifebyte ?
Thanks a lot !