[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKE v1 are multiple ISAKMP SA allowed

To: <ipsec@lists.tislabs.com>
Subject: IKE v1 are multiple ISAKMP SA allowed
From: "Saket Dandawate" <sdandawate@pace.stpp.soft.net>
Date: Fri, 10 May 2002 10:21:57 +0530
Sender: owner-ipsec@lists.tislabs.com

Hi,

I am implementing IKE v1 and i have few queries regarding ISAKMP SA
formation. Is it possible to have 2 ISAKMP SAs between the same two peers.

Consider the following case.

1. "A"  peer places request for ISAKMP SA negotiation.
2. Peer "B" also places request for ISAKMP SA negotiation at the same time.

So, at the same instance two Main Mode negotiations start. RFC 2409 says
that after Main mode negotiation the IPsec SAs can be exchanged by either
sides. So it sound logical to have only 1 main mode negotiation. So what do
we do if two Main Mode's start simultaneously?  If we have to discard one
Main Mode which one should we discard?

rfc 2409 doesnt say anything about multiple ISAKMP SA.

thanks and regards
Saket
PSS pune

Follow-Ups:
- A problem with FreeS/WAN on Redhat Linux 7.2
  - From: "Xu, Jia" <xujia@is.ac.cn>

Prev by Date: RE: ESP+AH
Next by Date: A problem with FreeS/WAN on Redhat Linux 7.2
Prev by thread: RE: ESP+AH
Next by thread: A problem with FreeS/WAN on Redhat Linux 7.2
Index(es):
- Date
- Thread