[IPsec] clarification needed in address assignment using IKEv2 Configuration Payload

2011-04-07 Thread Tero Kivinen
Balaji J writes: > Recently I have started reading the IKEv2 RFC(5996). > I need a clarification on assigning the IP address using IKEv2 protocol as > below which I couldn't find in the RFC4718: Note that RFC5996 is more recent than RFC4718 and RFC5996 obsoletes both RFC4306 and RFC4718, so not al

[IPsec] RFC 5996: IKEv2 - rekey question about 'equivalent' SA's

2011-04-07 Thread Tero Kivinen
Frank Bailey writes: > In section 2.8 it talks about when rekeying a Child SA or an IKE SA, that > the peers should establish an 'equivalent' SA. The question I have, > is what is meant by equivalent? It means mostly same... I.e. protecting same traffic and using same parameters, ciphers etc. >

Re: [IPsec] Queries relating to ESP/AH GCM & GMAC

2011-04-07 Thread Tero Kivinen
Vinod Sasi writes: > Many thanks for your reply; this is helping me to a great extent. In the RFC6071 we do note that those combined mode ciphers are not a feature of the old IPsec-v2 set (i.e. IKEv1). I would recommend not to implement them using IKEv1, as there might be quite a lot of interoperabi

Re: [IPsec] Queries relating to ESP/AH GCM & GMAC

2011-04-07 Thread david.black
Here's a little more explanation of this text from RFC 6071: >Although ESP-v2 did not originally include combined mode algorithms, >some IKEv1 implementations have added the capability to negotiate >combined mode algorithms for use in IPsec SAs; these implementations >do not includ