Clarifying question: How exactly would it work to disable weak KEs for peers that support strong KE? The peer doesn't identify itself until the IKE_AUTH exchange, at which point the sequence of KEs has already been negotiated and executed. Is it possible to abort due to insufficient KE parameters at this point?
Chris P.
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
