Can someone tell me what the difference is between PFS activated in
iManager and the "IKE PFS" Set parameter?

All the docs say that it must be ticked in iManager, but it's always "0"
(=no PFS) by default in the Set parameter. I'm confused..

If I'm not wrong (I can be..), PFS is a way to force the DH key to be
recalculated during IKE Phase 2 (Quick Mode), which is costly in terms of
exchange between the two hosts trying to build the SA.

But it's normally an option. We're not a security agency and I would
like to try to see if it makes some SAs easier to build between machines
far away and using not so good lines..

Also, did someone test the aggressive mode instead of using the main
mode? I know that it's less secure, but I'm concerned to facilitate the
build of some SAs, and it's two times less messages.

If PFS is not enabled on some machines, will those with PFS enabled
accept to start the exchange anyway (must be written in the RFC but a
live opinion is always interesting..)?

Same question for the aggressive mode.. Normally all the machines should
not have the same mode, I think.. In the IKE screen we sometimes see
the responder trying first the main, then the aggressive mode when there
is a problem during the initial exchange.

Last question (sorry for the long list).. Where is the SA information
stored? There is normally an SPD, I suppose that it's eDir.. But
what about the SPI info? In a cache? In memory? In _Netware or any
hidden directory?