[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ISAKMP Delete Payload (2)
On Thu, 21 Sep 2000 antonio.barrera@nokia.com wrote:
> If IKE receives a Delete payload for an ISAKMP SA does it imply that
> the IPSEC SA negotiated by this ISAKMP SA must be deleted as well, or they
> can be left in use until they expire?
Generally, the latter. In particular, identity PFS (section 8 of RFC 2409)
*requires* that IPsec SAs persist beyond the ISAKMP SA used to create them.
Henry Spencer
henry@spsystems.net
References: