vijay kn writes:
> Praveen/Ahmad,
> Some vendors don’t support Reauth. In this case what
> to do?
There is no specific need for reauth on the protocol level. You create
new IKE SA, you create new Child SAs, you delete old IKE SA.
Everything is just standard IKEv2 and all implementations support
th
his solution (client to send a new INFO msg with the
> REDIRECT_SUPPORTED notify payload) to enable a SMOOTH inter-op with other
> vendor implementations.
>
> Because of these reasons, I feel the RFC needs correction.
>
>
> From: Ahmad Muhanna [mailto:asmuha...@gmail.com]
> Se
hanna [mailto:asmuha...@gmail.com]
Sent: Monday, May 05, 2014 10:48 PM
To: Praveen Sathyanarayan
Cc: vijay kn; ipsec@ietf.org; vi...@wichorus.com;
kilian.weni...@googlemail.com; vjkumar2...@gmail.com
Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
Thanks Praveen for pointing
unnel with other vendor
> base stations and/or other vendor Gateways which may or may not support
> REDIRECT, it is better to add this solution (client to send a new INFO msg
> with the REDIRECT_SUPPORTED notify payload) to enable a SMOOTH inter-op
> with other vendor implementations
> Recommendation: -
> >
> > Since the base stations normally establish Tunnel with other vendor base
> > stations and/or other vendor Gateways which may or may not support
> > REDIRECT, it is better to add this solution (client to send a new INFO msg
> > with the REDIRECT_S
lemail.com" <
> kilian.weni...@googlemail.com>, "vjkumar2...@gmail.com" <
> vjkumar2...@gmail.com>
> Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
>
> Hi Ahmad,
>
> If you meant re-negotiating is IKEv2 rekey then it will n
.@googlemail.com>>,
"vjkumar2...@gmail.com<mailto:vjkumar2...@gmail.com>"
mailto:vjkumar2...@gmail.com>>
Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
Hi Ahmad,
If you meant re-negotiating is IKEv2 rekey then it will not work because IKEv2
rekey will n
er vendor base
> stations and/or other vendor Gateways which may or may not support
> REDIRECT, it is better to add this solution (client to send a new INFO msg
> with the REDIRECT_SUPPORTED notify payload) to enable a SMOOTH inter-op
> with other vendor implementations.
> >
>
on (client to send a new INFO msg with the
> REDIRECT_SUPPORTED notify payload) to enable a SMOOTH inter-op with other
> vendor implementations.
>
>
>
> Because of these reasons, I feel the RFC needs correction.
>
>
>
>
>
> From: Ahmad Muhanna [mai
.
>
>
>
>
>
> *From:* Ahmad Muhanna [mailto:asmuha...@gmail.com]
> *Sent:* Sunday, May 04, 2014 9:41 PM
> *To:* vijay kn
> *Cc:* vi...@wichorus.com; kilian.weni...@googlemail.com; ipsec@ietf.org;
> vjkumar2...@gmail.com
> *Subject:* Re: [IPsec] Regarding IKEv2 REDIREC
Hi Vijay,
- Original Message -
From: vijay kn
To: Yoav Nir
Cc: ipsec@ietf.org ; vi...@wichorus.com ; kilian.weni...@googlemail.com ;
vjkumar2...@gmail.com
Sent: Monday, May 05, 2014 8:08 AM
Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
Hi
...@wichorus.com; kilian.weni...@googlemail.com; ipsec@ietf.org;
vjkumar2...@gmail.com
Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
Hi, Vijay,
I am NOT one of the authors of this RFC but I recall the discussion and the use
case. If I understand the scenario correctly, the
.
From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Yoav Nir
Sent: Sunday, May 04, 2014 12:56 PM
To: vijay kn
Cc: ipsec@ietf.org; vi...@wichorus.com; kilian.weni...@googlemail.com;
vjkumar2...@gmail.com
Subject: Re: [IPsec] Regarding IKEv2 REDIRECT problem (reference RFC 5685)
Hi Vijay
I'
Hi, Vijay,
I am NOT one of the authors of this RFC but I recall the discussion and the use
case. If I understand the scenario correctly, the client in this case (eNB)
negotiated an IKE SA without indicating the ability to support REDIRECT. If
that is the case, the client should renegotiate IKE
Hi Vijay
I’m no expert on REDIRECT, and my implementation does not support it.
Your issue seems to be about implementations that have the REDIRECT
functionality, but don’t advertise as much when they connect to the peer
gateway. So it’s as if this feature is disabled by configuration. Am I
un
Hi,
There is an issue in IKEv2 REDIRECT RFC 5685. In one scenario, the IKEv2
REDIRECT will not work indefinitely.
Scenario: -
Let's assume there are about 1000 clients connected to an IKEv2 REDIRECT enabled
SeGW. None of the clients were IKEv2 redirect enabled at the time of
establishing SA with