Re: [nn] soft-lifetime-buffer

["Troy Coulombe" <TCoulombe@telecomsys.com>]

Yep, we had to use it as well.   It was w/ a connection to a customer who was using a Cisco ASA [pix].

 

We asked J-TAC about it but didn’t _really_ get a good explanation other than::: it can extend the timing of when the re-key is accomplished. 

 

Personally, I didn’t buy the answer, but I didn’t open the J-TAC case [another engineer did] & didn’t have the cycles to press J-TAC.

 

Again, FWIW it has seemed to help w/ “bad spi” messages.

 

 

--
TroyC
c: 425.299.8305
d: 206.792.2356

---

From: nn-bounces@qorbit.net [mailto:nn-bounces@qorbit.net] On Behalf Of Arno MESGUICH
Sent: Friday, March 23, 2007 8:38 AM
To: nn@qorbit.net
Subject: [nn] soft-lifetime-buffer

 

Hi all,

 

can anybody explain me what's the purpose of this option ?
Apparently it is used when you get "bad spi" messages, because both sides try to renegociate a the ike-tunnel.

But I don't understand what it really does...

Thanks for your help.

 

Arno Mesguich
Security Engineer
Service : technique
Email : arno.mesguich@noxs.fr
Tél : +33 (0)1 41 85 10 30
Fax : +33 (0)1 41 85 10 21

Besoin de ressources techniques ?

NOXS France
9 - 11 Allée des Pierres Mayettes
92632 GENNEVILLIERS Cedex
Web : http://www.noxs.fr

 

 

 

The information contained in this message may be privileged and/or confidential. If you are not the intended recipient, or responsible for delivering this message to the intended recipient, any review, forwarding, dissemination, distribution or copying of this communication or any attachment(s) is strictly prohibited. If you have received this message in error, please so notify the sender immediately, and delete it and all attachments from your computer and network.

 

_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn