[strongSwan] IKE SA's are getting deleted
Martin Willi
martin at strongswan.org
Tue Aug 3 10:24:11 CEST 2010
Hi,
> Q. Can you tell me what can be the reason behind this?
Probably your gateway has a policy to enforce for identical IKE_SAs. If
you are running strongSwan, we have a uniqueids= option in ipsec.conf to
delete identical IKE_SAs, but then it should keep one or the other (man
ipsec.conf).
> Q. Is it correct according to the IKEv2 Protocol?
IKEv2 does not define higher level details when a peer can initiate or
delete an IKE_SA, it just defines how to do it.
Regards
Martin
More information about the Users
mailing list