https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3
Currently, there are no IKEv2 exchanges that define messages,
containing both unprotected payloads and payloads, that are protected
by the Encrypted payload. However, IKEv2 does not prohibit such
construction. If some future
(I'm not on this list)
Tero Kivinen writes:
> If you use invalid syntax and tear down the SA, then at least the
> other end will know that they are doing something wrong and hopefully
> they will fix their code at some point.
>
> But I think correct option is to use exactly same protocol id than
