What is a Security Association (SA).

The concept of a 'Security Association' (SA) is fundamental to IPsec. A Security Association (SA) is a set of security policies and crypto keys used to protect the IKE SA or the IPsec SA.

• The same IKE SA is used to protect incoming and outgoing traffic.
• Two distinct IPsec SAs (one per direction) are used for incoming and outgoing traffic.
• SA includes the specific security protections, cryptographic algorithms, and secret keys to be applied, as well as the specific types of traffic to be protected.      

What is an SPI (Security Parameters Index).

The SPI is the identifier of an IPsec SA. It is a value that, together with the destination address and security protocol (ESP), uniquely
identifies a single SA. It is used for looking up the IPsec SA database during the decryption process.

What are SA keys for IKEv1 and IKEv2.

For IKEv1, IKE uses a single SA and a single key for both directions.

For IKEv1, IPsec uses two SAs & two keys per direction.

For IKEv2, IKE uses a single SA & two keys per direction.

For IKEv2, IPsec uses two SAs & two keys per direction.

What is a SA (Security Association) rekey.

IKE and ESP(IPsec) Security Associations have a finite lifetime.

They use secret keys that should be used only for a limited amount of time and to protect a limited amount of data, which limits the lifetime of the entire Security Association.

'Re-keying' is the process of negotiating a new SA before hitting the lifetime expiry of the existing SA.

• Negotiating a new IKE SA allows for to provision of new cryptographic keys for the control traffic.
• Negotiation of a new IPsec SA allows for to provisioning of new cryptographic keys for the data traffic.

How does FortiOS handle the rekey of ADVPN shortcut tunnels.

IKE SA (Phase1) rekey :

• Spoke1 will create an IPSec VPN tunnel with Hub1.
• Spoke1 will also create an IPSec VPN shortcut tunnel with Spoke2.
• When the IKEv1 rekey (Phase1) is initiated, both devices will try to re-authenticate the IKEv1 tunnel independently from the existing SA. It is the only way to renew an IKEv1 SA (same for shortcut tunnels and parent tunnels when rekeying).
• For the IKEv1 (phase1) rekey between spokes for the shortcut tunnel, the rekey will fail because the PSK between them is temporary and will not be saved. Thus, the rekey will fail, and the IKE will negotiate the tunnel after receiving a shortcut offer from the hub when the traffic traverses the hub. So, a few packets would always traverse the hub after the IKEv1 SA lifetime expires.
• The following events in the 'VPN Events' are when the IKEv1 rekey fails, but these are normal events:

date=2021-06-27 time=13:35:59 id=6978575218893651968 itime="2021-06-27 13:36:00" euid=2 epid=2 dsteuid=2 dstepid=2 logver=700000066 logid=0101037124 type="event" subtype="vpn" level="error" action="negotiate" msg="IPsec phase 1 error" logdesc="IPsec phase 1 error" user="N/A" status="negotiate_error" remip=150.0.0.2 locip=90.0.0.2 remport=500 locport=500 outintf="port2" cookies="5107a9ab098aae35/0000000000000000" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="N/A" peer_notif="NOT-APPLICABLE" reason="peer SA proposal not match local policy" eventtime=1624826159949362758 tz="-0700" useralt="N/A" devid="FGVM0TTTTTTTTTTT" vd="root" dtime="2021-06-27 13:35:59" itime_t=1624826160 devname="Spoke1-SPLabs"

• The shortcut tunnel will be rekeyed without any interruption when using IKEv2.
• For rekey in IKEv2, the negotiation for the new IKE SA is done under the protection of the existing IKE SA. No authentication (PSK or Signature) is performed for the new IKE SA.
• It is the default behavior for FortiOS IKEv2 SA renewal: a CREATE_CHILD_SA exchange is used to negotiate the new IKEv2 SA.
  
• IKEv1 SA cannot be renewed in this way, so it needs to re-establish the shortcut tunnel every time the SA lifetime expires.
  

IPsec SA (Phase2) rekey:

When Phase2 rekey happens in IKEv1 and IKEv2, the shortcut tunnel would not flush.