Hi, > Q. Can you tell me what can be the reason behind this?
Probably your gateway has a policy to enforce for identical IKE_SAs. If you are running strongSwan, we have a uniqueids= option in ipsec.conf to delete identical IKE_SAs, but then it should keep one or the other (man ipsec.conf). > Q. Is it correct according to the IKEv2 Protocol? IKEv2 does not define higher level details when a peer can initiate or delete an IKE_SA, it just defines how to do it. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
