
Some questions on IKE proposals...



Hi all,

A couple of questions on SA proposals in IKE.

-	Is there a method for using the NO-PROPOSAL-CHOSEN notification in
connection with a quick mode exchange? Section 5.4 of the ISAKMP spec says
that the no-proposal notification should be sent using an informational
exchange and hence has a unique message ID. Unfortunately this gives no way
of connecting the notification with the quick mode exchange that caused it.
As the error was probably caused by the user misconfiguring policies it
would be useful to know which exchange (and hence which policy) it applied
to.

		Could this be treated the same way as the CONNECTED
notification and be sent using the quick mode message ID?

-	When negotiating an SA protected with multiple protocols (e.g.
ESP+AH) is the ordering of the ESP and AH proposals (which have the same
proposal number) significant? Does the ordering reflect the order in which
transforms will be applied? I know it really only makes sense to do ESP
first but could an implementation request AH followed by ESP?

Thanks,
John