Specifies the action of lifetime length, key length, and PFS of the phase 2 selection on the responder side, and the action of lifetime check in phase 1.
| obey | The responder will obey the initiator anytime(default). |
| strict | If the responder's lifetime length is not equal to the initiator's, the responder will use the initiator's value. Otherwise, the proposal will be rejected. If PFS is not required by the responder, the responder will obey the proposal. If PFS is required by both sides and the responder's group is not equal to the initiator's, then the responder will reject the proposal. |
| claim | If the responder's lifetime length is not equal to the intiator's, the responder will use the initiator's value. If the responder's lifetime length is shorter than the initiator's, the responder uses its own length AND sends a RESPONDER-LIFETIME notify message to an initiator in the case of lifetime (phase 2 only). For PFS, this directive behaves the same as strict. |
| exact | If the initiator's lifetime or key length is not equal to the responder's, the responder will reject the proposal. If PFS is required by both sides and the responder's group is not equal to the initiator's, then the responder will reject the proposal. |
Examples:
See also: IPsec