[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: issues with IKE that need resolution
Dan,
I think that the "stale" SA issue deserves some resolution as well - and
that is - how a just re-booted IPsec network element should react upon
receiving an IPsec traffic originated from previously established but no
longer existing IPsec connection?
I think many existing implementations initiate MM in this situation,
but I don't think it is a "good" practice, on the other hand sending
DELETEs to the other end is not required and delivery is not guranteed,
but on the other hand how do you gracefully re-engage with the other
end, which has no clue what happened........
Slava Kavsan
IRE
References: