6-8 Administrator’s Handbook
Advanced IKE Phase | 1 Options |
Negotiation... | Normal |
SA Use Policy... | Newest SAs Immediately |
Allow Dangling Phase 2 SAs: | No |
Phase 1 SA Lifetime (seconds): | 28800 |
Phase 1 SA Lifetime (Kbytes): | 0 |
Send Initial Contact Message: | Yes |
Include Vendor ID Payload: | Yes |
Independent Phase 2 | Yes |
Strict Port Policy: | No |
Invalid SPI recovery: | No |
Traffic based Dead Peer Detection: | Yes |
DPD Keepalive Idle Time (seconds): | 20 |
Return/Enter to select <among/between> ... |
|
Normally it is not necessary to change the settings of the items on the Advanced IKE Phase 1 Options screen. Most of these settings exist for ensuring compatibility with remote IKE implementations that may have certain limitations.
•The Negotiation
•The SA Use Policy
Because the Router normally
•If you select Newest SAs Immediately, the Router will begin using the newly created Phase 1 SAs immediately after they are negotiated.
•If you select Old SAs Until Expired, the Router will continue using the old Phase 1 SAs until they expire and will begin using the newly created Phase 1 SAs only after the old ones are no longer valid.
•Allow Dangling Phase 2 SAs toggles whether or not Phase 2 SAs are permitted to survive the expiration of the Phase 1 SAs under which they were created. Phase 2 SAs “dangle” when the Phase 1 SA under which they were created expires before they do. There is no requirement that the Phase 1 SA exist for the duration of the Phase 2 SA’s lifetime, but it is convenient because a Delete message may be sent.
•Phase 1 SA Lifetime (seconds) specifies the duration in seconds for which the SA will remain valid. The range of permissible values is the set of
•Send Initial Contact Message toggles whether or not the IKE negotiation process begins by sending an initial contact message. The default is Yes.
