
Re: RFC 2521



At 10:41 AM -0500 3/15/02, Hu, Shicai wrote:
>I am working on a BITW implementation of IPSec. In some cases, the host behind
>the IPSec device requires that the IPSec device send a
>security failures message back to the host whenever IKE or ESP process
>fails. Is RFC 2521 supposed to provide some guidance or standard
>to handle this kind of situation?
>
>Thanks
>
>
>Shicai Hu
>Cryptek

The standards do not specify a means for providing this info, but one 
could reasonably use an ICMP Destination Unreachable, with a suitable 
error code.  I think there have been some recent proposals for new 
error codes that might be applicable here.

Steve
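
An added illustration, not part of the original message: the sketch below builds the ICMP Destination Unreachable body a BITW device could return to the host, and parses it on the host side. The code value 13 (Communication Administratively Prohibited, RFC 1812) is an assumed choice, since the reply names no specific code; the function names and the sample datagram are constructed for this example.

```python
import struct

ICMP_DEST_UNREACH = 3        # RFC 792 message type
CODE_ADMIN_PROHIBITED = 13   # RFC 1812 code; assumed choice, the thread names none

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_dest_unreach(orig: bytes, code: int = CODE_ADMIN_PROHIBITED) -> bytes:
    """ICMP header + the failing datagram's IP header + its first 8 payload bytes."""
    if len(orig) < 20 or orig[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (orig[0] & 0x0F) * 4
    if ihl < 20 or len(orig) < ihl:
        raise ValueError("bad IPv4 header length")
    quoted = orig[:ihl + 8]  # lets the host match the error to its own flow
    csum = inet_checksum(struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + quoted

def parse_dest_unreach(icmp: bytes):
    """Host side: verify the checksum, return (code, quoted src, quoted dst)."""
    if len(icmp) < 28 or icmp[0] != ICMP_DEST_UNREACH:
        raise ValueError("not a Destination Unreachable message")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    src, dst = icmp[20:24], icmp[24:28]  # addresses inside the quoted IP header
    return icmp[1], ".".join(map(str, src)), ".".join(map(str, dst))

# Constructed sample: IPv4/UDP datagram 10.0.0.5 -> 192.0.2.10, ports 500/500,
# standing in for traffic the device could not protect. IP checksum left zero.
SAMPLE = bytes.fromhex(
    "4500002000010000401100000a000005c000020a"  # 20-byte IPv4 header
    "01f401f4000c0000"                          # UDP header
    "01020304"                                  # payload, not quoted in the error
)

if __name__ == "__main__":
    msg = build_dest_unreach(SAMPLE)
    print(msg.hex(), parse_dest_unreach(msg))
```

The device would still wrap this body in an IP header (protocol 1) addressed to the quoted source before sending it to the host.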