+1 Paso.Eronen wrote: > > Yaron Sheffer wrote: > > > [Sec. 3.15.1:] > > > > Tero: > > > > The text 'The requested address is valid until there are no IKE_SAs > > between the peers.' is incorrect, it most likely should say 'The > > requested address is valid as long as this IKE SA (or its rekeyed > > successors) requesting the address is valid.' > > > > I.e. even if another IKE SA is created between the peers > that does not > > keep the address allocated in another IKE SA alive, unless > it is also > > allocated in that IKE SA. This is especially the case where > let's say > > multi user hosts do per user IKE SAs and want to allocate > IP addresses > > separately for each user. > > > > Paul: Not done. This should be discussed on the mailing list. > > I think Tero is right; the scope of configuration payloads is > this IKE SA *and* its continuations via rekeying. > > Best regards, > Pasi
Email secured by Check Point _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
