Subject: Re: ipsec/ipfilter interaction problem
To: None <tech-crypto@netbsd.org>
From: Daniel Carosone <dan@geek.com.au>
List: tech-crypto
Date: 09/26/2003 18:20:44
On Fri, Sep 26, 2003 at 06:20:39AM +0200, Christoph Kaegi wrote:
> Hm, what does that mean? Can I do something about it, so the SA
> doesn't die? Who can it die anyway?

setkey -D, both while working and once failed.

There are lifetimes to SAs, both in terms of time and bytes.
Normally, the SA's would be renegotiated by an IKE agent like
racoon.  You may have to explicitly set yours to 0, though I'd
imagine that should be the default for manually-added SAD entries.

--
Dan.
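
The comparison suggested above (`setkey -D` while working and again once failed) comes down to the state and hard-lifetime fields of each SAD entry. The script below is an added example, not part of the original message: it condenses a dump to one line per SA. The sample dump is constructed, modelled on the layout `setkey -D` prints; the function names are hypothetical, and a hard lifetime of 0 is assumed to mean "no expiry", as the reply implies.

```shell
#!/bin/sh
# Added example (not from the thread): report state and hard lifetimes per SA.
# sample_sad prints a constructed two-entry dump; addresses, SPIs and counters
# are made up, and the E:/A: key lines of real output are left out.
sample_sad() {
cat <<'EOF'
10.0.0.1 10.0.0.2
    esp mode=tunnel spi=4096(0x00001000) reqid=0(0x00000000)
    seq=0x00000000 replay=0 flags=0x00000040 state=mature
    created: Sep 26 17:00:00 2003   current: Sep 26 17:20:00 2003
    diff: 1200(s)   hard: 0(s)   soft: 0(s)
    last: Sep 26 17:19:58 2003   hard: 0(s)   soft: 0(s)
    current: 482304(bytes)   hard: 0(bytes)   soft: 0(bytes)
    allocated: 3768   hard: 0   soft: 0
    sadb_seq=1 pid=411 refcnt=2
10.0.0.2 10.0.0.1
    esp mode=tunnel spi=4097(0x00001001) reqid=0(0x00000000)
    seq=0x00000000 replay=0 flags=0x00000040 state=dying
    created: Sep 26 09:00:00 2003   current: Sep 26 17:01:40 2003
    diff: 28900(s)   hard: 30000(s)   soft: 28800(s)
    last: Sep 26 17:01:38 2003   hard: 0(s)   soft: 0(s)
    current: 73400320(bytes)   hard: 0(bytes)   soft: 0(bytes)
    allocated: 51200   hard: 0   soft: 0
    sadb_seq=0 pid=411 refcnt=1
EOF
}

# Reads `setkey -D` text on stdin and prints one line per SA:
#   src dst spi state age/hard(s) used/hard(bytes) verdict
sa_lifetime_report() {
awk '
/^[^ \t]/ && NF == 2 { src = $1; dst = $2; next }   # unindented "src dst" header
/spi=/   { for (i = 1; i <= NF; i++) if ($i ~ /^spi=/) { spi = substr($i, 5); sub(/\(.*/, "", spi) } }
/state=/ { for (i = 1; i <= NF; i++) if ($i ~ /^state=/) state = substr($i, 7) }
$1 == "diff:" { age = $2 + 0; hard_s = $4 + 0 }      # seconds since creation / hard limit
$1 == "current:" && $2 ~ /bytes/ { used = $2 + 0; hard_b = $4 + 0 }
/sadb_seq=/ {                                        # last line of an entry
  if (state != "mature") verdict = "NOT-MATURE"
  else if (hard_s > 0 || hard_b > 0) verdict = "WILL-EXPIRE"
  else verdict = "NO-EXPIRY"
  printf "%s %s %s %s %d/%d %d/%d %s\n", src, dst, spi, state, age, hard_s, used, hard_b, verdict
}'
}

# On a live host: setkey -D | sa_lifetime_report
sample_sad | sa_lifetime_report
```

An SA reported as `WILL-EXPIRE` or `NOT-MATURE` on a manually keyed tunnel, with no IKE daemon running to renegotiate it, matches the failure mode described in the reply.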