[j-nsp] IKE Key Life-times on J-series vs. SRX

Stefan Fouant sfouant at shortestpathfirst.net
Thu Jun 2 16:28:38 EDT 2011


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Devin Kennedy
> Sent: Thursday, June 02, 2011 3:59 PM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] IKE Key Life-times on J-series vs. SRX
> 
> Does anyone know if the lifetime value used for the IKE session is
> determined by the initiator?  It appears from the behavior I've
> observed
> that the lifetime value is always determined by whichever peer is in
> the
> initiator role.

That shouldn't be the case, but will need to do some digging.

It should always be that the peers use the lesser of the two lifetime
settings as their negotiated IKE SA lifetime.

Stefan Fouant
JNCIE-M #513, JNCIE-ER #70, JNCI
GPG Key ID: 0xB4C956EC



More information about the juniper-nsp mailing list