With racoon you can use racoonctll to launch a phase1 without a phase2 ------Original Message------ From: Paul Hoffman To: [email protected] Cc: [email protected] Cc: [email protected] Sent: May 15, 2009 8:09 AM Subject: Re: [IPsec] One question for IKE/IPsec
At 8:10 PM +0800 5/15/09, Hui Deng wrote: >You are right, after IKE phase 1, IPsec SA will be setup, >traffic selector will be used > >Here our requirement is, we still create the IKE SA, but not create IPsec SA. >the reason for such kind of strange usage is that IKE is already mandated >there. >the left is whether it is necessary to use IPsec since the connections >are already physically secured. You can run IKE and then immediately delete the IPsec / Child SA but leave the IKE SA up. This should probably pass your odd requirements. >Excuse for such strange scenario. Many of us have seen worse... --Paul Hoffman, Director --VPN Consortium _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec <https://www.ietf.org/mailman/listinfo/ipsec> Sent via BlackBerry by AT&T _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
