Re: changes in VPN phase II
☄ Helpfulby nikolaj 2017/05/19 04:45:37
If, for example, you add another encryption/MAC pair to the existing one, traffic will continue to flow. If you change the key lifetime the shorter of both will be negotiated and traffic continues.
Usually, you make the changes on the remote side, see the tunnel down or not, and make the changes on the local side. Or, to play safe, enable HTTPS or SSH access on the WAN port of the remote FGT temporarily.
Ede " Kernel panic: Aiee, killing interrupt handler!"