[strongSwan] IKE SA's are getting deleted

Martin Willi martin at strongswan.org
Tue Aug 3 10:24:11 CEST 2010


> Q. Can you tell me what can be the reason behind this?

Probably your gateway has a policy to enforce for identical IKE_SAs. If
you are running strongSwan, we have a uniqueids= option in ipsec.conf to
delete identical IKE_SAs, but then it should keep one or the other (man

> Q. Is it correct according to the IKEv2 Protocol?

IKEv2 does not define higher level details when a peer can initiate or
delete an IKE_SA, it just defines how to do it.


More information about the Users mailing list