Re: [Ipsec-tools-devel] ipsec-tools 0.6.1 beta2 available
From: VANHULLEBUS Y. <va...@fr...> - 2005-07-14 10:33:14
On Thu, Jul 14, 2005 at 12:06:47PM +0200, Krzysztof Oledzki wrote:
[......]
> Can't we just rebind IPsec SA from old ISAKMP SA to a new one?

This is not a problem of "binding" IPSec SAs.

DPD is just here to check if we still have contact with a peer. So it will only check for a valid IsakmpSA connection, and will NOT check anything related to IPSec SAs.

But if (when) you have valid IPSec SAs, no more Isakmp SA (timeout) and active DPD monitoring, DPD will detect that the peer is dead (because no more active IsakmpSA to send DPD messages), then will purge anything which is related to this peer.... including all IPSec SAs for this peer.

Yvan.