[Swan] lifetime kilobytes

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Thu Oct 14 17:25:54 UTC 2021


On Thu, Oct 14, 2021 at 01:22:51PM -0400, Paul Wouters wrote:
> On Thu, 14 Oct 2021, Kontakt wrote:
> 
> > I want to set up the IKEv1 tunnel, where the other party expects from me the parameter
> > "crypto map set security-association lifetime kilobytes 4608000" - I do not see this parameter
> > in the configuration. The changelog doesn't mention this either. Can I ask for help in its
> > configuration? On the other side I believe is Cisco / ace.
> 
> This functionality is not available but should make it in the next
> release.
> 
> Note however, that lifetimes are not negotiated. Either side configured
> it, and whenever a side deems the maximum is reached, it is up to them
> to initiate a rekey or reauthentication. So this option is at least not
> preventing you from establishing an IPsec connection.
> 
> Note also that 4.6MB is a very small amount of traffic if this lifetime
> is associated with ESP. For IKE it might be okay, but a little strange
> to specify.

4608000 kilobytes is 4.6GB so not terribly small.

-- 
Len Sorensen

