[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using config mode together with extended authentication

To: <ipsec@lists.tislabs.com>
Subject: Using config mode together with extended authentication
From: "Geoffrey Huang" <ghuang@cisco.com>
Date: Thu, 13 Mar 2003 12:07:38 -0800
Importance: Normal
Sender: owner-ipsec@lists.tislabs.com

I've looked over the sections regarding EAP/XAuth and Config mode in
IKEv2-05, and there are packet descriptions in each section describing
what IKE looks like if either one is used.  But what happens if you do
the cfg request and EAP?  Based on the EAP description, the responder
sends an EAP request in the 4th message, starting off an EAP exchange.

But the Cfg Request description says that the initiator sends a CP
payload before the SAi2 payload.  Does this mean that if we do both CP
and EAP it looks like:

INIT             RESPO
msg1   ---->
       <----     msg2
msg3+CP ---->    
       <----     msg4+EAP
EAP    ---->
       <----     CP reply, etc.

Maybe it's described in the document, and I just missed it.

-g

Follow-Ups:
- RE: Using config mode together with extended authentication
  - From: "Darren Dukes" <ddukes@cisco.com>

Prev by Date: RE: "Me Tarzan, You Jane" in IKEv2-05
Next by Date: Re: Another field for traffic selector?
Prev by thread: Re: "Me Tarzan, You Jane" in IKEv2-05
Next by thread: RE: Using config mode together with extended authentication
Index(es):
- Date
- Thread