In IKE_AUTH TSi and TSr are mandatory, so it is not possible to omit them from an authentication exchange message, as there would be no way for the SA to know what traffic should be forwarded through the SA.
It seems that the correct error message would be INVALID_SYNTAX. This would require the message ID and the checksum to be valid. Note that this has to (may only) be sent in an encrypted response. Please correct me if I am wrong.

Regards,
Matt

> 2009/4/22 raj singh <rsjen...@gmail.com>
>
>> Hi Group,
>>
>> What is the expected behavior if as a responder we do not receive TSi and
>> TSr in IKE_AUTH exchange?
>> Shall we go ahead and establish IKEv2 SA? If yes, shall we send out TSi
>> and TSr?
>> Or we should reject the packet?
>> If we reject the packet during packet validation with doing ID and AUTH
>> payload processing, what ERROR should be sent?
>>
>> Thanks,
>> Raj
>>
>> _______________________________________________
>> IPsec mailing list
>> IPsec@ietf.org
>> https://www.ietf.org/mailman/listinfo/ipsec
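An added example, not part of the original thread: a responder-side check that walks the decrypted IKE_AUTH payload chain and selects INVALID_SYNTAX when TSi or TSr is absent, following the suggestion in the reply above. The payload type numbers and the notify value are those assigned in RFC 4306; the function names and sample payloads are constructed for illustration, and the input is assumed to be already decrypted with padding stripped.

```python
import struct

# Payload type and notify numbers as assigned in RFC 4306 (not from the thread).
ID_I, SA, AUTH, TS_I, TS_R = 35, 33, 39, 44, 45
INVALID_SYNTAX = 7

def walk_payloads(first_type, data):
    """Return the payload types found in a decrypted payload chain, in order."""
    types, offset, ptype = [], 0, first_type
    while ptype != 0:  # Next Payload == 0 marks the end of the chain
        if offset + 4 > len(data):
            raise ValueError("truncated generic payload header")
        # Generic header: next payload, critical/reserved, total length
        next_type, _flags, length = struct.unpack_from("!BBH", data, offset)
        if length < 4 or offset + length > len(data):
            raise ValueError("payload length out of range")
        types.append(ptype)
        offset, ptype = offset + length, next_type
    if offset != len(data):
        raise ValueError("trailing bytes after last payload")
    return types

def check_ike_auth_request(first_type, data):
    """Return None if TSi and TSr are both present, else the notify type.

    The caller must send the notify inside the encrypted response, as the
    reply notes; this function only picks the error.
    """
    try:
        seen = set(walk_payloads(first_type, data))
    except ValueError:
        return INVALID_SYNTAX
    return None if {TS_I, TS_R} <= seen else INVALID_SYNTAX

def build_chain(payloads):
    """Build a constructed payload chain from (type, body) pairs."""
    out = b""
    for i, (_ptype, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        out += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    return out

# Constructed sample requests: dummy bodies, only the chain structure matters.
BODY = b"\x00" * 8
COMPLETE = build_chain([(ID_I, BODY), (AUTH, BODY), (SA, BODY), (TS_I, BODY), (TS_R, BODY)])
NO_TS = build_chain([(ID_I, BODY), (AUTH, BODY), (SA, BODY)])

if __name__ == "__main__":
    print(check_ike_auth_request(ID_I, COMPLETE), check_ike_auth_request(ID_I, NO_TS))
```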