Hi All, Need help with couple of questions related to INITIAL_CONTACT in IKEv1
1. Is it NOT wrong to send INITIAL_CONTACT notification in QUICK MODE? Will it NOT end up in deleting the IKE SA(Phase 1 SA) which is being created as part of just completed AGGRESSIVE MODE exchange? If we receive INITIAL_CONTACT notification in QUICK MODE, as a responder should we ignore the notification? 2. On receiving INITIAL_CONTACT we delete IKE SA. Doesn't it make sense to delete all IPSec SA's(Phase 2 SA's) which are part of that particular IKE SA(Phase 1 SA) ? Because the whole purpose is to inform responder to delete all previous connection related to this identity as initiator is coming UP freshly. Regards Riyaz
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
