Hi Vijay, Vijay> No. The client must start using the new gateway.
I think that MUST is strong word and "SHOULD" is okay. In any case, this clarity should be there in the text I mentioned before. Thanks Srini -----Original Message----- From: Vijay Devarapalli [mailto:[email protected]] Sent: Wednesday, March 18, 2009 11:36 AM To: Addepalli Srini-B22160 Cc: IPsecme WG Subject: Re: Behavior of VPN Gateway when Client does not accept/ignores REDIRECT notification Addepalli Srini-B22160 wrote: > From the draft, it is not clear on the VPN Responder behavior if > Initiator proceeds with SA establishment even after receiving "REDIRECT" > notification from the VPN Gateway. > > Draft indicates following: > > When the VPN client receives the IKE_SA_INIT response with the > REDIRECT payload, it initiates a new IKE_SA_INIT exchange with the > VPN gateway listed in the REDIRECT payload. The VPN client includes > the IP address of the original VPN gateway that redirected the > client. The IKEv2 exchange then proceeds as normal with the selected > VPN gateway. > > > I believe that VPN gateway should not stop Client proceeding further > with IKE negotiation even after it sends the REDIRECT notification in > response to IKE_SA_INIT message. No. The client must start using the new gateway. Vijay If that is what is intended, it is good > if above text clarifies that further. > > Thanks > Srini > > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
