Microsoft KB Archive/256257
Article ID: 256257
Article Last Modified on 2/28/2007
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q256257
When you configure the Internet Key Exchange (IKE) Main-mode lifetime to a value lower than the value configured for the IKE Quick-mode lifetime, the IKE Quick-mode security association (SA) expires based on the Quick-mode lifetime value.
This behavior is by design.
Quick-mode SAs remain active regardless of the Main-mode lifetime value, and can be used by a connection that is using Internet Security Protocol (IPSec) after the Main-mode SA expires. Changing this behavior could create interoperability issues with Cisco IOS.
To configure Main-mode and Quick-mode key exchange lifetime settings:
- Start the IP Security Policies on Local Machine snap-in by using Microsoft Management Console (MMC).
- Double-click the appropriate Internet Protocol (IP) security policy, click the General tab, and then click Advanced. You can configure Main-mode key exchange lifetime settings by using the Key Exchange Settings dialog box.
- Start the IP Security Policies on Local Machine snap-in.
- Double-click the appropriate IP security policy, click the Rules tab, click the appropriate IP security rule, and then click Edit.
- Click the Filter Action tab, click the appropriate filter action, and then click Edit.
- Click the appropriate security method, click Edit, and then click Settings. You can configure Quick-mode key exchange lifetime settings by using the Session Key Settings dialog box.
Additional query words: oakley
Keywords: kbipsec kbprb KB256257