The following timers are used by the Authenticated Internet Protocol:<12>
Notify retransmission timer (for each MM SA): Triggers a Notification payload retransmission.
Authentication retry timer (for each MM SA): Triggers the authentication retry.
Responder time-out timer (for each MM SA): Controls how long the responder waits for a message from the initiator.
MM SA lifetime (for each MM SA): The MM SA lifetime is negotiated between the peers.
NAT-T keep-alive timer (for each MM SA): This timer doesn't affect any MM SA state. This timer only controls sending the NAT-T keep alive packet, as specified in [RFC3948] section 4.
Quick mode rekey timer (for each MM SA): This timer is used during quick mode rekey.
Quick mode security association (QM SA) lifetime (for each QM SA): The lifetime for QM SAs is specified in bytes or seconds. After the lifetime of bytes or seconds expires, the Ipsec implementation MUST start a new quick mode exchange. The Authenticated Internet Protocol then acts as the initiator for the rekey.
Per-Connection state entry timer: All entries in the connection state table (except the TCP state entries) each have their own timer. This timer triggers connection entry state deletion.