How are SAs aged on an AR

AR routers can age SAs in two ways:
- The time-based lifetime indicates the period of time an SA can exist since it is established.
- The traffic-based lifetime indicates the maximum traffic volume that an SA can process.

When the specified time or traffic volume is reached, the SA becomes invalid. When the SA is about to expire, IKE will negotiate a new SA. In this manner, a new SA is established when the old SA becomes invalid. Before the new SA is established, the two ends use the old SA to protect data flows. When the new SA is established, the two ends immediately use the new SA.

Scroll to top