Hi, > During our testing with IKEv2, we found that the 1st packet(IKE_SA_INIT) does > not have any information on vendor ID payload which is a MUST criteria as > per the RFC. > > As per the RFC 3947. > > “In the first two messages of Phase1, the vendor id payload for this > specification MUST be sent if supported
RFC 3947 defines NAT traversal for IKEv1. The standard does not apply to IKEv2. In IKEv2 NAT traversal is part of the core protocol, as specified in RFC 7296. No vendor ID is required to negotiate NAT traversal, see section 2.23. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
