Hi Vijay,
I have some question on ikev2-redirect-10 draft.
In section 5,
------
Once the client sends an acknowledgment to the gateway, it SHOULD
delete the existing security associations with the old gateway by
sending an Informational message with a DELETE payload. The gateway
MAY also decide to delete the security associations without any
signaling from the client, again by sending an Informational message
with a DELETE payload. However, it should allow sufficient time for
the client to setup the required security associations with the new
security gateway. This time period should be configurable on the
gateway.
-------
Suppose after sending N[REDIRECT] in case of Gateway initiated redirect,
there is a time gap for client to delete old SA and create new SA with
redirected Gateway.
During this time, IKE REKEY occurs from gateway or client, what should be
the behavior, should it REKEY on old SA or defer the rekey ?
Also, when deleting IKE SA, due to redirect, is there any way to know that
this delete is sue to redirect ?
Thanks,
Raj
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
