[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Synchronisation in IKE

To: ipsec@lists.tislabs.com
Subject: Synchronisation in IKE
From: antonio.barrera@nokia.com
Date: Tue, 28 Nov 2000 11:27:36 +0200
Sender: owner-ipsec@lists.tislabs.com

	I think this is a very important issue and is giving me plenty of
headaches.
Is there any documents that talks about how to resynchronise IKE
negotiations.
Any advice on the subject would be greatly appreciated.
	Take as an Example the next case:

	1- A (Initiator) negotiates with B (Responder)
	2- B reboots and is unable to send any delete notification.
	3- A can't talk to B anymore (A has IPSEC SAs, but no B) I have no
solution for this. IDEAS?
	4- IPSEC SAs in A expire. A Initiates a Quick mode negotiation but B
doesn't have ISAKMP SAs either
	   That could be solved letting A detect that B can't negotiate and
initiating a new Phase I negotiation.
	   Is there any problem with this solution? If yes is there an
alternative? 
	   What do I do with the old ISAKMP SA? Keep or destroy it? I'd
destroy it, but not sure if can give any problem.

I'd really appreciate any response.
Thanks in advance.

Toni

Follow-Ups:

RE: Synchronisation in IKE

From: "sridharj" <sridharj@future.futsoft.com>

Re: Synchronisation in IKE

From: "Stephane Beaulieu" <stephane@cisco.com>

Prev by Date: Re: On transport-level policy enforcement (was Re: RFC 2401...)
Next by Date: I-D ACTION:draft-ietf-ipsec-dhcp-08.txt
Next by thread: Out of Sync Security Policies
Index(es):
- Main
- Thread