[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    RE: [Sidewinder] Rekey message that log that makes no sense
From:       sidewinder-admin () adeptech ! com
Date:       2003-12-17 16:22:35
[Download RAW message or body]

Dan,

	The four possible states here for your IKE negotiation are larval,
mature, dying, or dead.  This state is related to the life of the SA.  A
larval state should indicate a very new key exchange whereas a dying state
would indicate that a rekey is needed.  In IKEv2 if there are a large number
of connections in a larval state rekeys will switch from stateful to
stateless to help prevent DoS attacks that use up all system resources by
sending partial IKE requests to the VPN device.  Thats all I remember about
this.  You might find more information in the IPSec RFCs.

Regards,
Jeffery Gieser


-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Tuesday, December 16, 2003 17:31
To: sidewinder@adeptech.com
Subject: [Sidewinder] Rekey message that log that makes no sense


I get the following as part of a rekeying message when using Softremote
with my Sidewinder G2. It is a shared secret with XAUTH vpn. This
message usually preceeds a failure by 2-10 minutes. Does anybody know
what the LARVAL means, or how it falls into this state? So far nobody at
tech support knows. 

[state info]
    init/resp: INITIATOR, condition: LARVAL
  [local gateway] IPV4_ADDR-64.118.109.196
  [remote gateway] IPV4_ADDR-64.118.111.123
  lifetime (in seconds): 3600
  [IKE info]
    [local identity]
      IPV4_ADDR-64.118.109.196


Thanks

Dan Sichel, Network Engineer
Ponderosa Telephone Company
(559) 868-6367

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic