Scott C Moonen writes:
> 1) I still prefer to echo back TS payloads as I described. I realize that
> the TS payloads are the only opportunity that IKEv2 has to reproduce the
> effect of IKEv1's NAT-OA payloads. But using the traffic selectors in
> this way -- and only if the responder ends up
Bhaskar Dutta writes:
> As Tero pointed out, the support is there, but he doubts if any real
> testing has been
> done. Once I figure out how to specify the configuration with
> ipsec-tools I am planning
> to test it out thoroughly.
I talked only about our own implementation (quicksec), not about
Tero, changing the MUST to MAY is ok. If we choose SHOULD then I would
prefer to present alternatives, something to the effect of "SHOULD either
[do what you proposed] or accept the proposal with the use of tunnel mode,
as appropriate."
Scott Moonen (smoo...@us.ibm.com)
z/OS Communications Se
