naoyoshi ueda writes:
According to ikev2bis-04 section 2.1:
A retransmission from the initiator
MUST be bitwise identical to the original request. That is,
everything starting from the IKE Header (the IKE SA Initiator's SPI
onwards) must be bitwise identical; items before it
Yoav Nir writes:
Yes, altought I think most of the implementations do not bother
sending INFORMATIONAL requests when IKE_AUTH response has errors. I
think most implementations will then simply remove the IKE SA as
failed without any further communications to the other end
But wouldn't