[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Invalid SPI RFC2408 5.5

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: Invalid SPI RFC2408 5.5
From: Richard Robinson <rrobinson@efficient.com>
Date: Thu, 5 Apr 2001 10:34:48 -0700
Sender: owner-ipsec@lists.tislabs.com

hi-
I hope this is the right place to get this question answered.  If not, my
apologies.

I am trying to fix a problem when we send a notification payload with
message type CONNECTED.
The other end of the tunnel does not accept a zero-length SPI which we had
been doing.
I am now trying to find out where to get a nice 4-octet SPI that it will
accept (it's logs are indicating
that it does not like the SPI we are supplying).  Is it the same SPI that we
send out in a
RESPONDER_LIFETIME notification?  Just what makes an SPI valid or invalid
(aside from using 0-255)?

As a small aside, what situations were envisaged when the COMMIT bit was
designed?  Why would I, the
responder, not be ready for traffic, at the end of phase 2 negotiations?

thanks,
richard

Richard Robinson, Senior Software Engineer
Efficient Networks
rrobinson@efficient.com
408-357-6703 
All disclaimers apply.

Richard

Prev by Date: Re: IPsec and RTP crypto
Next by Date: RE: Death to AH (was Re: SA identification)
Prev by thread: Re: SCTP and IPsec issues
Next by thread: Changing destination IP address midstream
Index(es):
- Main
- Thread