Two new options for the establishment of IPSec tunnels are introduced. The responder-only and responder-only-no-rekey options are added to the establish-tunnels statement under the [edit security ipsec vpn vpn-name] hierarchy level. When you use these options, the VPN tunnel is established from the remote peer. In the case of the responder-only option, an established tunnel rekeys both Internet Key Exchange (IKE) and IPsec, based on the configured lifetime values.
When you use the responder-only-no-rekey option, an established tunnel does not initiate rekeying from the device but relies on the remote peer to initiate rekeying.
