If the HP-UX system initiates IPsec SA negotiations, the HP-UX IKE daemon proposes the preferred lifetime values to the remote system. The remote system may process these values in any manner according to the IPsec protocol suite.

If the remote system initiates IPsec SA negotiations and sends a proposed lifetime value that is as secure as or more secure than the HP-UX preferred value (that is, shorter than or equal to the HP-UX preferred value), the HP-UX IKE daemon accepts the lifetime value proposed by the remote system, provided it is within the ranges specified by the IPsec protocol suite.

If the remote system initiates IPsec SA negotiations and a proposed lifetime value is less secure than (longer than) the HP-UX preferred value, HP-UX sends an IKE NOTIFY message with its preferred value. If this value is acceptable to the remote system, the SA negotiation succeeds and the value sent in the NOTIFY message is used.

Windows IPsec SA Lifetime Values

By default, the Windows configuration does not specify any IPsec SA lifetime values and does not propose any during IPsec SA negotiations. This is equivalent to proposing the lifetime values 28,800 seconds (eight hours) and 0 (infinite) data units.

In testing with HP-UX, HP also configured specific IPsec SA lifetime values on the Windows system and observed behavior equivalent to HP-UX behavior. When the Windows system initiated the IPsec SA negotiation, it sent the configured lifetime values in the proposal. When the remote system initiated the IPsec SA negotiation, the Windows system accepted the proposed lifetime value if it was more secure than its configured value, and sent a notification message when its configured lifetime value was more secure than the value proposed by the remote system.
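The responder behavior described above for both HP-UX and Windows can be modeled as follows. This is an added example, not HP or Microsoft code: the names `respond`, `effective` and `Decision` are hypothetical, the HP-UX preferred values in the demo are constructed, and the model assumes each lifetime type (seconds, data units) is compared independently with 0 meaning infinite. The protocol range check is omitted because the page does not state the ranges.

```python
import math
from dataclasses import dataclass

# Equivalent of the Windows default when no lifetimes are configured
# (28,800 seconds and 0 = infinite data units, per the text above).
WINDOWS_DEFAULT = {"seconds": 28800, "data_units": 0}


def effective(value):
    """Make a lifetime comparable: 0 means infinite, the least secure value."""
    return math.inf if value == 0 else value


@dataclass
class Decision:
    action: str      # "ACCEPT" or "NOTIFY"
    lifetimes: dict  # values the SA uses if the negotiation succeeds


def respond(proposed, preferred):
    """Responder-side decision for the lifetimes proposed by the initiator.

    A proposed value that is shorter than or equal to the local preferred
    value is as secure or more secure and is accepted. A longer value is
    less secure, so the responder answers with a NOTIFY carrying its own
    preferred value. Per-type handling is an assumption of this model.
    """
    action, result = "ACCEPT", {}
    for kind in ("seconds", "data_units"):
        if effective(proposed[kind]) <= effective(preferred[kind]):
            result[kind] = proposed[kind]
        else:
            result[kind] = preferred[kind]
            action = "NOTIFY"
    return Decision(action, result)


if __name__ == "__main__":
    # Constructed HP-UX preferred values, for illustration only.
    hpux_preferred = {"seconds": 3600, "data_units": 0}
    # Windows initiates with its defaults: 28,800 s exceeds 3,600 s.
    print(respond(WINDOWS_DEFAULT, hpux_preferred))
    # Initiator proposes shorter lifetimes than the responder prefers.
    print(respond({"seconds": 1800, "data_units": 100000}, hpux_preferred))
```

Running the model against the configured values of both peers before deployment shows which side's lifetimes will end up in the SA and whether a NOTIFY exchange should be expected in the IKE logs.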
