Author: Anonymous
Date: Nov 11, 2006 04:01
I have two peers that are communicating using IPsec and IKE to establish
their SAs. One of the peers, call it peer A, always initiates conversation
with the other, peer B (never the other way around). It seems that if peer
B resets (or otherwise loses its IPsec SA information), then peer A will not
be able to initiate communications with peer B until peer A's SAs expire
(peer A at the OS layer has no idea that peer B has lost its IPsec SA
information), as peer A will be encrypting via its existing IPsec SA. Is
this true? Is there a way to 'correct' this at the IPsec layer? Thanks!