This scenario tests <b>repeated authentication</b> according to RFC 4478.
The initiator <b>carol</b> sets a short <b>reauth_time=20s</b> but the responder
<b>moon</b> defining a much larger <b>reauth_time=60m</b> proposes this
value via an AUTH_LIFETIME notification to the initiator. The initiator
ignores this notification and schedules the IKE reauthentication at its
configured time. A ping from <b>carol</b> to client <b>alice</b>
hiding in the subnet behind <b>moon</b> tests if the CHILD_SA has been
recreated under the new IKE_SA.
