Hi All,
How to handle "Initial Contact Notification" during simultaneous IKEv2 SA
negotiation?
For
example: A pair of gateways are initiating IKEv2 negotiation almost at
the same time resulting in 2 sets of IKEv2 SAs. In IKE_AUTH, both the
boxes are sending "Initial Contact" notification and IKE_AUTH almost
cross each other. On receiving the IC, if both try to delete the other
IKE SAs on the box, we end up having different sets of IKE & child
SAs on the both sides.
Thanks
Kanaga.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
