From: mohini_k...@hotmail.com
To: ipsec@ietf.org
Subject: IPSec responder cookie
Date: Thu, 25 Jun 2009 18:04:49 +0530
Hi,
I have a doubt regarding the value of Responder cookie in ISAKMP protocol.
When I read RFC 2408, Sec 2.5.3, it says that the initiator and responder
cookie must be set to a random value.
What I understand from this is that the responder cookie can have any value,
regardless of the cookie value from the initiator.
But when I verify this on a Cisco device (initiator), it generates an ISAKMP main
mode message with an initiator cookie (let it be X).
When I send an ISAKMP main mode message with the responder cookie the same as
the Cisco device's (X) or incremented by one (X+1), it discards it. (However,
it processes the message with other values.)
Again, when I do the same on a Linux machine as on the Cisco, it discards the
responder cookie with the same value (X), but processes the responder
cookie with the value incremented by one (X+1).
1. Could someone explain to me why Cisco and Linux validate the ISAKMP main mode
message with the responder cookie differently? And which is the right
validation?
2. Are there any other RFCs where I can get more information about validation of
the ISAKMP main mode message with the responder cookie?
Thanks in advance.
Regards
Mohini
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec