Hi Paul, My question was , during the AUTH exchange if failure happens due to reasons like NO_PROPOSAL_CHOSEN, TS_UNACCEPTABLE, SINGLE_PAIR_REQUIRED, INTERNAL_ADDRESS_FAILURE, and FAILED_CP_REQUIRED, Should we still bring IKEV2 SA as usual? RFC says we can still bring the IKeV2 SA as usual, but my doubt is if this is mandatory or optional?
My question was not during Child SA Creation. Regards, kalyani -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Paul Hoffman Sent: Tuesday, March 31, 2009 11:38 PM To: Kalyani Garigipati (kagarigi) Cc: [email protected] Subject: Re: [IPsec] Ticket #9 At 5:32 PM +0530 3/31/09, Kalyani Garigipati (kagarigi) wrote: >Hi , > >Please clarify the following . > >1. Is it mandatory or optional (implementation dependent) to create an >IKEV2 sa when IKE_AUTH exchange fails for reason like >NO_PROPOSAL_CHOSEN, TS_UNACCEPTABLE, >SINGLE_PAIR_REQUIRED,INTERNAL_ADDRESS_FAILURE, and FAILED_CP_REQUIRED ? I am unclear on what you are asking. The IKE SA is already set up when the child SA creation fails. Thus, it does not need to be created. --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
