Hi, Hema USE_TRANSPORT_MODE is a notification, so it is outside the structures in the SA payload.
As a consequence, the protocol does not allow you to propose AES-GCM in transport mode or ChaCha20/Poly1305 in tunnel mode. Note also that USE_TRANSPORT_MODE does not force transport mode. It only shows support. The responder can then choose to include it (agreeing to use transport mode) or not (forcing you back to tunnel). And yes, notifications were not supposed to be used for negotiations. HTH, Yoav > On 12 Nov 2015, at 8:59 AM, Hema Tripathi (hetripat) <hetri...@cisco.com> > wrote: > > Hi, > > I have a doubt regarding USE_TRANSPORT_MODE in IKEv2. Does this apply to > complete SA offer(s) or to each proposal in the SA? In case of multiple > proposals, should they be negotiated on the basis of the mode configured for > that proposal? Or should all SA offers adhere to same mode? > > — > Regards, > Hema > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
