[IPsec] Question on TS_UNACCEPTABLE

Kalyani Garigipati (kagarigi) Tue, 31 Mar 2009 05:09:18 -0700

Hi,


Please clarify the following.

On the responder , if creating the Child SA during the IKE_AUTH request
processing fails for some reason like NO_PROPOSAL_CHOSEN,
TS_UNACCEPTABLE, SINGLE_PAIR_REQUIRED,INTERNAL_ADDRESS_FAILURE, and
FAILED_CP_REQUIRED, then should we be sending AUTH, IDr and CERT
payloads as usual in AUTH response ?

Something like below flow.


HDR, SK {IDi, [CERT,] [CERTREQ,]
       [IDr,] AUTH, SAi2,
       TSi, TSr}  -->

                                      <--  HDR, SK {IDr, [CERT,] AUTH,
                                         N[TS_UNACCEPTABLE]}



Regards,
Kalyani

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

[IPsec] Question on TS_UNACCEPTABLE

Reply via email to