>>> In an IKE_AUTH
>>> exchange, or in the subsequent INFORMATIONAL exchange, only the
>>> following notifications cause the IKE SA to be deleted or not
>>> created, without a DELETE payload:
>>> o UNSUPPORTED_CRITICAL_PAYLOAD
>>> o INVALID_SYNTAX
>>> o AUTHENTICATION_FAILED
>>>
>>> Extension documents may define new error notifications with these
>>> semantics, but MUST NOT use them unless the peer is known to
>>> understand them.
>>
>> In subsequent INFORMATIONAL exchanges the UNSUPPORTED_CRITICAL_PAYLOAD
>> should not be fatal. It only means that the responder ignored the
>> whole message and replied with UNSUPPORTED_CRITICAL_PAYLOAD. That does
>> not delete IKE SA.
>>
>> For the IKE_AUTH the UNSUPPORTED_CRITICAL_PAYLOAD can delete the IKE
>> SA as IKE SA is not yet ready.
>
> That's what I meant. I will clarify this.

I would not expect INVALID_SYNTAX to cause the IKE SA to be deleted either.

Keith Welter IBM z/OS Communications Server Developer 1-415-545-2694 (T/L: 473-2694)