[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues with IKE that need resolution

To: Bronislav Kavsan <bkavsan@ire-ma.com>
Subject: Re: issues with IKE that need resolution
From: Daniel Harkins <dharkins@cisco.com>
Date: Tue, 15 Sep 1998 13:26:40 -0700
cc: ipsec@tis.com
In-reply-to: Your message of "Tue, 15 Sep 1998 16:08:21 EDT." <35FEC935.DF4AB143@ire-ma.com>
Sender: owner-ipsec@ex.tis.com

  There is no recovery logic in IPSec, I guess. This sounds like an
IPSecond issue (and is also not really IKE-specific).

  Dan.

On Tue, 15 Sep 1998 16:08:21 EDT you wrote
> Dan,
> 
> Thanks for pointing out this statement in the standard, but.....what will be 
>the
> connection recovery logic for an IPsec Client, which rebooted in the middle o
>f
> receiving IPsec traffic? If IPsec Client keeps silent - tt make take sender h
>ours
> before figuring out what happened.
> 
> Daniel Harkins wrote:
> 
> >   Slava,
> >
> >   Section 5.2.1 of draft-ietf-ipsec-arch-sec-07.txt states:
> >
> >       Use the packet's destination address (outer IP header), IPsec
> >       protocol, and SPI to look up the SA in the SAD.  If the SA
> >       lookup fails, drop the packet and log/report the error.
> >
> >   Dan.

References:

Re: issues with IKE that need resolution

From: Bronislav Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: issues with IKE that need resolution
Next by Date: Re: issues with IKE that need resolution
Prev by thread: Re: issues with IKE that need resolution
Next by thread: Re: issues with IKE that need resolution
Index(es):
- Main
- Thread