Hi,
I have a doubt regarding the value of the Responder cookie in the ISAKMP
protocol.
When I read RFC 2408, Sec 2.5.3, it says that the initiator and responder
cookies must be set to a random value.
What I understand from this is that the responder cookie can have any value,
regardless of the cookie value from the initiator.
But when I verify this on a Cisco device (initiator), it generates an ISAKMP
main mode message with an initiator cookie (let it be X).
When I send an ISAKMP main mode message with the responder cookie the same as
the Cisco device's (X), or incremented by one (X+1), it discards the message.
(However, it processes the message with other values.)
Again, when I do the same on a Linux machine as on the Cisco, it discards the
responder cookie with the same value (X), but processes the responder
cookie with the value incremented by one (X+1).
1. Could someone explain to me why Cisco and Linux validate the ISAKMP main
mode message with the responder cookie differently? And which is the right
validation?
2. Are there any other RFCs where I can get more information about validation
of the ISAKMP main mode message with the responder cookie?
Thanks in advance.
Regards
Mohini
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
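
A small parser for the fixed ISAKMP header (RFC 2408, section 3.1) that labels how a message's responder cookie relates to the initiator cookie X, covering the cases described in the message above. This is an added example, not part of the original post; the function names and cookie values are constructed for illustration, and it makes no claim about which values a given implementation accepts.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): 28 bytes, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_MAIN_MODE = 2  # Identity Protection exchange, used by IKE Main Mode


def parse_header(datagram: bytes) -> dict:
    """Parse the fixed ISAKMP header from the start of a UDP payload."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, xchg, flags, msg_id, length = \
        ISAKMP_HDR.unpack_from(datagram)
    if length < ISAKMP_HDR.size or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": next_payload,
            "major": version >> 4, "minor": version & 0x0F, "exchange": xchg,
            "flags": flags, "message_id": msg_id, "length": length}


def cookie_relation(hdr: dict) -> str:
    """Name how the responder cookie relates to the initiator cookie X."""
    x = int.from_bytes(hdr["icookie"], "big")
    r = int.from_bytes(hdr["rcookie"], "big")
    if r == 0:
        return "zero"  # as in the initiator's first message
    if r == x:
        return "same-as-X"
    if r == (x + 1) % 2**64:
        return "X+1"
    return "other"


def build_header(icookie: bytes, rcookie: bytes) -> bytes:
    """Build a constructed, header-only Main Mode message (next payload 0)."""
    return ISAKMP_HDR.pack(icookie, rcookie, 0, 0x10, EXCHANGE_MAIN_MODE,
                           0, 0, ISAKMP_HDR.size)


# Constructed sample values, not captured traffic.
X = bytes.fromhex("1122334455667788")
SAMPLES = {
    "same": build_header(X, X),
    "plus1": build_header(X, bytes.fromhex("1122334455667789")),
    "other": build_header(X, bytes.fromhex("a1b2c3d4e5f60718")),
    "first": build_header(X, bytes(8)),
}
RESULTS = {name: cookie_relation(parse_header(raw)) for name, raw in SAMPLES.items()}
```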