Addepalli Srini-B22160 wrote:
From the draft, it is not clear on the VPN Responder behavior if
Initiator proceeds with SA establishment even after receiving "REDIRECT"
notification from the VPN Gateway.
Draft indicates following:
When the VPN client receives the IKE_SA_INIT response with the
REDIRECT payload, it initiates a new IKE_SA_INIT exchange with the
VPN gateway listed in the REDIRECT payload. The VPN client includes
the IP address of the original VPN gateway that redirected the
client. The IKEv2 exchange then proceeds as normal with the selected
VPN gateway.
I believe that VPN gateway should not stop Client proceeding further
with IKE negotiation even after it sends the REDIRECT notification in
response to IKE_SA_INIT message.
No. The client must start using the new gateway.
Vijay
If that is what is intended, it is good
if above text clarifies that further.
Thanks
Srini
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
