Re: issues with IKE that need resolution

[Bronislav Kavsan <bkavsan@ire-ma.com>]

Dan,

I think that the "stale" SA issue deserves some resolution as well - and
that is - how a just re-booted IPsec network element should react upon
receiving an IPsec traffic originated from previously established but no
longer existing IPsec connection?

I think many existing  implementations initiate MM  in this situation,
but I don't think it is a "good" practice, on the other hand sending
DELETEs to the other end  is not required and delivery is not guranteed,
but on the other hand how do you gracefully re-engage with the other
end, which has no clue what happened........

Slava Kavsan
IRE

---

References:

• Re: issues with IKE that need resolution
• From: "Hilarie K. Orman" <ho@earth.hpc.org>

---

• Prev by Date: Re: issues with IKE that need resolution
• Next by Date: Re: issues with IKE that need resolution
• Prev by thread: Re: issues with IKE that need resolution
• Next by thread: Re: issues with IKE that need resolution
• Index(es):
  • Main
  • Thread