Thanks Paul and Yoav, excuse me for late reply. Tunnel waitting for traffic means that all traffic have to go through this tunnel anyhow. the scenario I described is that after IKE procedure, but all the traffic will not go through this Ipsec tunnle since they are point to point connection.
Many thanks for your advice. -Hui 2009/5/14 Paul Hoffman <[email protected]>: > At 6:53 PM +0300 5/13/09, Yoav Nir wrote: >>Paul Hoffman wrote: >>> >>> At 8:56 PM +0800 5/13/09, Hui Deng wrote: >>> >Dear IPsec forks, >>> > >>> >May I consult one question here: >>> > >>> >Whether we could still do IKEv2 negotiation >>> (Authenticaiton), but not >>> >use IPsec tunnel? >>> >>> You never need to use a tunnel, regardless of how it was >>> brought up. The tunnel can just sit there, feeling lonely and >>> abandoned, waiting for traffic. >> >>Yes, but you can't rely on the peer not having a policy that says "all >>tunnels that are idle for 30 seconds get deleted" > > Of course, but that's not what Hui asked. In his scenario, he should assume > that the tunnel will get nuked by one side or the other either due to disuse > or an active management choice. > > --Paul Hoffman, Director > --VPN Consortium > _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
