Hello experts,

I have a generic doubt regarding the ISAKMP SA (phase 1) lifetime negotiation. My query is: can we agree upon the ISAKMP lifetime in the first two messages of MM or AM?

What I want to know is this: the lifetime is sent as a proposal attribute in the first two messages of Main Mode and Aggressive Mode. We are not negotiating the parameter, so if the responder has a lower lifetime value configured, can we transfer this info in the MM2 or AM2 message from the responder along with the negotiated proposal attributes? Basically, I am trying to change the lifetime attribute sent by the initiator in this scenario. We have the responder lifetime notify mechanism as per the draft (draft-ietf-ipsec-ike-lifetime-00), but the separate notify messages are not reliable in IKEv1 (unidirectional).

In short, my questions are:

1. Can we send the responder lifetime notification in the MM6 or AM2 message from the responder?
2. Or can we alter the lifetime attribute of the ISAKMP SA proposal offer? (Is this considered a violation of the RFC?)

Thanks,
Anoop
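Added example, not part of the original post: a decoder for the lifetime attributes the question refers to, using the ISAKMP data attribute encoding (RFC 2408 section 3.3) and the phase 1 attribute classes Life Type (11) and Life Duration (12) from RFC 2409 Appendix A. The sample bytes, the function names and the local lifetime value are constructed assumptions, and the comparison only reports the mismatch the post describes without choosing a policy for it.

```python
import struct

# IKE phase 1 attribute classes (RFC 2409 Appendix A)
LIFE_TYPE, LIFE_DURATION = 11, 12
LIFE_TYPES = {1: "seconds", 2: "kilobytes"}

def parse_attributes(data):
    """Decode ISAKMP data attributes into (class, integer value) pairs."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        word, field = struct.unpack_from("!HH", data, off)
        off += 4
        if word & 0x8000:            # AF=1: TV form, the field is the value
            value = field
        else:                        # AF=0: TLV form, the field is a length
            if field == 0 or off + field > len(data):
                raise ValueError("bad attribute length")
            value = int.from_bytes(data[off:off + field], "big")
            off += field
        attrs.append((word & 0x7FFF, value))
    return attrs

def offered_lifetimes(attrs):
    """Pair each Life Type with the Life Duration that follows it."""
    out, pending = {}, None
    for aclass, value in attrs:
        if aclass == LIFE_TYPE:
            if value not in LIFE_TYPES:
                raise ValueError("unknown Life Type")
            pending = LIFE_TYPES[value]
        elif aclass == LIFE_DURATION:
            if pending is None:
                raise ValueError("Life Duration without a Life Type")
            out[pending], pending = value, None
    return out

def responder_view(offered, local_seconds):
    """Hypothetical helper: flag the case where local policy is shorter."""
    secs = offered.get("seconds")
    if secs is None:
        return "no-seconds-lifetime-offered"
    return "local-shorter" if local_seconds < secs else "offer-acceptable"

# Constructed sample: Life Type=seconds (TV), Life Duration=86400 (TLV, 4 bytes)
SAMPLE = bytes.fromhex("800b0001" "000c0004" "00015180")

if __name__ == "__main__":
    offer = offered_lifetimes(parse_attributes(SAMPLE))
    print(offer, responder_view(offer, 3600))
```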
