
Re: Daemon Recovery



Matt,

>Be careful.  If your ISAKMP daemon dies and restarts AND your IPSEC SAs
>are kept elsewhere (kernel, another daemon, whatever) you only want
>the remote ISAKMP daemon to forget about ISAKMP SAs.  It should leave 
>the IPSEC SAs alone.  

Oh yeah, agreed.

>The messages (I'd call it RESTART) should include the DOI for which
>the SAs should be forgotten.  Multiple RESTART notification payloads can
>be included if more than one DOI needs to be flushed.

The DOI is included in the Notification Payload.  If you wanted to flush
more than one DOI, you could include more than one Notification Payload
in a single informational exchange.

Assuming we went this route...

Derrell
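
Added example, not part of the original message or of any ISAKMP implementation: a receiver-side walk over the decrypted payload chain of one informational exchange, collecting the DOI from each RESTART Notification Payload. It assumes the RFC 2408 Notification Payload layout; the RESTART type value is a hypothetical placeholder from the private-use status range, and the sample exchange is constructed.

```python
import struct

NOTIFY = 11       # ISAKMP payload type: Notification (RFC 2408)
RESTART = 32768   # hypothetical placeholder; no RESTART type is actually assigned


def build_notify(doi, next_payload=0, msg_type=RESTART, protocol_id=1):
    """Notification Payload with no SPI and no data (12 bytes): generic
    header, then DOI, Protocol-ID, SPI size, Notify Message Type."""
    return struct.pack("!BBHIBBH", next_payload, 0, 12, doi, protocol_id, 0, msg_type)


def restart_dois(first_payload, body):
    """Return the DOIs named by RESTART notifications, in chain order.
    Raises ValueError on any length inconsistency instead of guessing."""
    dois, ptype, off = [], first_payload, 0
    while ptype != 0:
        if len(body) - off < 4:
            raise ValueError("truncated generic payload header")
        nxt, _reserved, plen = struct.unpack_from("!BBH", body, off)
        if plen < 4 or off + plen > len(body):
            raise ValueError("payload length out of bounds")
        if ptype == NOTIFY:
            if plen < 12:
                raise ValueError("notification payload too short")
            doi, _proto, spi_size, mtype = struct.unpack_from("!IBBH", body, off + 4)
            if 12 + spi_size > plen:
                raise ValueError("SPI size exceeds payload length")
            if mtype == RESTART:
                dois.append(doi)
        ptype, off = nxt, off + plen
    if off != len(body):
        raise ValueError("trailing bytes after last payload")
    return dois


# Constructed sample: two chained RESTART notifications, one per DOI
# (0 = generic ISAKMP, 1 = IPsec DOI).
SAMPLE = build_notify(0, next_payload=NOTIFY) + build_notify(1)

if __name__ == "__main__":
    print(restart_dois(NOTIFY, SAMPLE))
```

A handler acting on the returned list would drop only the ISAKMP SAs held with that peer for each DOI and leave IPSEC SAs kept elsewhere untouched, per the caveat quoted above.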

