Hi, I had a query related to the IKEv2 SA existance and the method used to delete it. IKEv2 protocol supports continous channel mode, which implies that once we delete IKEv2 SA, all the IPSec SAs created using this IKEv2 SA also get deleted. However, if the last IPSec SA is deleted, the IKEv2 SA is not deleted. Is this understanding correct? If the above is correct, what is the purpose of having this standalong IKEv2 SA? Since maintaining the IKEv2 SA consumes resources in the system, what is the advantage offered by having this standalong IKEv2 SA? If the standalone IKEv2 is indeed brought up, when is this IKEv2 SA deleted and what is the method used to delete this IKEv2 SA? One example is a phase 2 proposal mismatch, in which case, we can still bring up the IKEv2 SA only. How is the IKEv2 SA deleted in this case and in any other general case? I could not find much information on this in the draft and hence more clarity would help. Thanks Raghu
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
