[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Questions about IKE

To: ipsec@tis.com
Subject: Questions about IKE
From: Anupama Potluri <anupama@trinc.com>
Date: Fri, 10 Apr 1998 11:55:19 +0500
Sender: owner-ipsec@ex.tis.com

Hi all,

· The ISAKMP RFC (and so IKE) says that the peers establishing the SA may
be doing so on behalf of clients.  So, when we have to send out a packet to
a remote machine, how do we know which are the ISAKMP peers for this
connection? 
· What are the default values for the attributes of an ISAKMP SA if they
are not negotiated?
· What is to be done if a phase 2 exchange type is detected before a phase
1 exchange is complete or if there is no such ISAKMP SA as indicated by the
cookie pair? Send a notify message? If so, which message?
· The SPI value included in the proposal payload --- is the value given by
initiator assumed to be for the incoming SA into the initiator? And vice
versa for the responder?
· What happens if, in the middle of the quick mode exchange, the ISAKMP SA
expires? Do we drop the datagram for which the quick mode exchange was
initiated or start a new phase 1 negotiation and continue with the phase 2
negotiation?

Regards,
Anupama

Prev by Date: Question about PFKEYv2
Next by Date: Re: Question about PFKEYv2
Prev by thread: Re: Question about PFKEYv2
Next by thread: No Subject
Index(es):
- Main
- Thread