At 9:08 AM -0400 5/26/09, Gunduzhan, Emre wrote:
> Steve,
>
> Thanks for the clarification. So, at the end of the initial IKE_AUTH
> exchange, there will (typically) be a pair of CHILD SAs created, one
> in each direction, is this correct?

yes.

> That is, you never create a single SA by IKE_AUTH or
> CREATE_CHILD_SA, and create another SA in the other direction by a
> subsequent CREATE_CHILD_SA?

yes.

> This is really ambiguous in RFC 4306 (at least to me) and would be
> great if it can be clarified in the revised version.
>
> Thanks,
> Emre
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec