
Re: Daemon Recovery



>It's worth having the functionality but it's not required to have
>two different messages.  Use the DOI already present in the notify
>message to define the scope of what SA's should be nuked.  If the
>system rebooted and lost all SA's, send two notify's -- one for the
>ISAKMP DOI and one for the Internet DOI.

Ah, I see the confusion.  There isn't a separate DOI for ISAKMP.  You say
that the message is directed at an ISAKMP SA if the message ID field (back
in the generic ISAKMP header) is zero.

I'm going to leave it a single message for now, with the assumption being
that this is being sent because the host rebooted and lost all state.
That's the problem we're most concerned with.

Derrell

