Hi All
IPv6 Peer1 ------------------ IPv6 Peer 2
I have one question, for IKE IPv6 Solution.
Assume in IPsec6 Policy I have configure Source IPv6 Address and
Destination IPv6 Address as Traffic selector, now IPSEC SA is not yet
establish.
When IKE Triggers, SA Negotiation and that time for peer address, ND not
yet done.
In this condition, Initiator starts NS to resolve Peer Address,
Other end replies with NA, which is a Uncast packet Now this unicast
packet is comes under IPsec6 policy, So Peer2 can not send it un-
encrypted, and for encryption SA is not yet ready.
Even if Peer2 sends un-encrypted packets , this NA packet may drop in
Peer1, as it matches IPsec Policy and still packet is un-encrypted.
So, Is there any standard to handle such scenario? Else we need to
update standard to Support IPSEC6/IKE6.
With Regards
Syed Ajim
****************************************************************************
This e-mail and attachments contain confidential information from HUAWEI,
which is intended only for the person or entity whose address is listed
above. Any use of the information contained herein in any way (including,
but not limited to, total or partial disclosure, reproduction, or
dissemination) by persons other than the intended recipient's) is
prohibited. If you receive this e-mail in error, please notify the sender by
phone or email immediately and delete it!
****************************************************************************
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
