From owner-freebsd-security@FreeBSD.ORG  Wed Jan  7 19:50:52 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 006DD16A4CE
	for <freebsd-security@FreeBSD.ORG>;
	Wed,  7 Jan 2004 19:50:52 -0800 (PST)
Received: from hotmail.com (bay8-dav29.bay8.hotmail.com [64.4.26.86])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 22BCB43D62
	for <freebsd-security@FreeBSD.ORG>;
	Wed,  7 Jan 2004 19:50:51 -0800 (PST)
	(envelope-from jack_xiao99@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 7 Jan 2004 19:50:51 -0800
Received: from 24.192.127.147 by bay8-dav29.bay8.hotmail.com with DAV;
	Thu, 08 Jan 2004 03:50:50 +0000
X-Originating-IP: [24.192.127.147]
X-Originating-Email: [jack_xiao99@hotmail.com]
X-Sender: jack_xiao99@hotmail.com
From: "Jack Xiao" <jack_xiao99@hotmail.com>
To: <freebsd-security@FreeBSD.ORG>, <openbsd-ipsec-clients@allard.nu>
Date: Wed, 7 Jan 2004 22:50:56 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
Message-ID: <BAY8-DAV29CxL6WdqNB000223f8@hotmail.com>
X-OriginalArrivalTime: 08 Jan 2004 03:50:51.0006 (UTC)
	FILETIME=[9BAE09E0:01C3D59A]
Subject: rekeying problem between isakmpd and cisco 7000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jan 2004 03:50:52 -0000

Hi,

I have a rekeying problem between FreeBSD4.9 (running isakmpd) and a Cisco
7000 box. The rekeying time of these two are not same, so even they new SAs
are created on isakmpd side, the tunnel doesn't work at all. On isakmpd
side, I know it creates new SA when SA life time passes 90%. But I don't
know when Cisco builds the new SAs. I don't have much knowledge on Cisco and
I cannot look at the Cisco side debug information either for now.

Does anyone have similar experience? Any solutions in isakmpd itself can fix
that?

Thanks in advance!

Jack