[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ipsec] Number of Proposals in IKE_SA_INIT exchange for IKE_SA andfirst CHILD_SA ??
khan wadood writes:
> How may proposals Initiator will send in the first
> xchange i.e., IKE_SA_INIT. If Initiator wants to make
> two SAs i.e., IKE_SA and first CHILD_SA(piggybacked
> with IKE_SA) having same cryptographic suite.
Depends on the policy. The CHILD_SA parameters does not affect to
that, as CHILD_SA proposals are sent inside the another SA payload
inside the IKE_AUTH exchange (SAi2, SAr2).
SAi1, and SAr1 are only used for IKE_SA, and the SAi1 can have
multiple proposals, if those are acceptable, and SAr1 will always have
one selected proposal.
--
kivinen@safenet-inc.com
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec