<div dir="ltr">Please provide some additional info for the trap policies. In our scenario, on the IKEv1 rekey collision, we are losing the child-sas and it never gets created again.<div>Are the trap-policies, some configuration or settings. Anything specific to child-sas we need to set?</div><div><br></div><div>thanks,</div><div>Manju</div></div><br><div class="gmail_quote"><div dir="ltr">On Sun, Dec 16, 2018 at 11:56 PM Tobias Brunner <<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Manju,<br>
<br>
> * IKEv1 rekey happens every 300s, new IKE SAs are created and no IPsec<br>
> SAs are created. Should the system not recover on next IKEv1 rekey?<br>
<br>
No, IKE rekeying does not affect CHILD_SAs.<br>
<br>
> * IPsec rekey timer is probably not of any use since IPsec SAs are not<br>
> present.<br>
<br>
Yep.<br>
<br>
You could use trap policies to (re-)create CHILD_SAs automatically if<br>
they get closed for some reason.<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div>