Re: [IPsec] IKEv2: Moving Child SA traffic from an SA to a new SA when rekeying

2009-04-17 Thread Tero Kivinen
J. Sun writes:
> Matthew,
> It has to be Case #2. Nowhere in the CREATE_CHILD_SA - IKE_SA Rekey
> exchange do you update to the other endpoint the new CHILD_SA SPIs -
> without exchanging the CHILD_SA SPIs, you'll most definitely run into
> interoperability issues, namely you'll start black

[IPsec] IKEv2: Ambiguous REKEY_SA text

2009-04-17 Thread Matthew Cini Sarreo
Hello, When reading section 2.8.3. Rekeying the IKE SA Versus Reauthentication: "IKEv2 does not have any special support for reauthentication. Reauthentication is done by creating a new IKE SA from scratch (using IKE_SA_INIT/IKE_AUTH exchanges, without any REKEY_SA notify payloads)," seems to in