[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: RFC 2521
At 10:41 AM -0500 3/15/02, Hu, Shicai wrote:
>I am working on BITW implementation of IPSec. In some cases, the host behind
>the IPSec device requires the IPSec device sends a
>security failures message back to the host whenever IKE or ESP process
>fails. Is RFC 2521 suppose to provide some guidance or standard
>to handle this kind of situation?
>
>Thanks
>
>
>Shicai Hu
>Cryptek
The standards do not specify a means for providing this info, but one
could reasonably use an ICMP Destination Unreachable, with a suitable
error code. I think there have been some recent proposals for new
error codes that might be applicable here.
Steve
- References:
- RFC 2521
- From: "Hu, Shicai" <shicai@cryptek.com>