At 8:10 PM +0800 5/15/09, Hui Deng wrote: >You are right, after IKE phase 1, IPsec SA will be setup, >traffic selector will be used > >Here our requirement is, we still create the IKE SA, but not create IPsec SA. >the reason for such kind of strange usage is that IKE is already mandated >there. >the left is whether it is necessary to use IPsec since the connections >are already physically secured.
You can run IKE and then immediately delete the IPsec / Child SA but leave the IKE SA up. This should probably pass your odd requirements. >Excuse for such strange scenario. Many of us have seen worse... --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
