[j-nsp] IKE Key Life-times on J-series vs. SRX
Devin Kennedy
devinkennedy415 at hotmail.com
Thu Jun 2 16:43:35 EDT 2011
Thanks Stefan. This is what I was thinking should be the case as well.
-----Original Message-----
From: Stefan Fouant [mailto:sfouant at shortestpathfirst.net]
Sent: Thursday, June 02, 2011 4:29 PM
To: 'Devin Kennedy'; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] IKE Key Life-times on J-series vs. SRX
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Devin Kennedy
> Sent: Thursday, June 02, 2011 3:59 PM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] IKE Key Life-times on J-series vs. SRX
>
> Does anyone know if the lifetime value used for the IKE session is
> determined by the initiator? It appears from the behavior I've
> observed that the lifetime value is always determined by whichever
> peer is in the initiator role.
That shouldn't be the case, but will need to do some digging.
It should always be that the peers use the lesser of the two lifetime
settings as their negotiated IKE SA lifetime.
Stefan Fouant
JNCIE-M #513, JNCIE-ER #70, JNCI
GPG Key ID: 0xB4C956EC
More information about the juniper-nsp
mailing list