At 11:22 PM +0200 12/10/09, Yaron Sheffer wrote:
>I think Tero's text is somewhat speculative in assuming that this error case
>only results from exhaustion of the address pool - I'm sure there can be other
>reasons. Otherwise the text is OK.

Good point.

Current:

> The timeout should not be too
> short (especially if the IKE SA is started from the beginning), as
> these error situations will only be fixed when more entries are
> returned to the address pool of the responder, thus it will not be
> fixed in seconds, but more likely it takes several minutes.

Proposed:

> The timeout should not be too
> short (especially if the IKE SA is started from the beginning)
> In many cases, the cause of the errors is that the address pool of
> the responder is depleted, and this can
> only be fixed when more entries are
> returned to the address pool of the responder. This is likely
> to take several minutes.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec