Scenario: When the IKEv2 initiator guesses an incorrect DH group and the
responder sends back the DH group hint in INVALID_KE_PAYLOAD notification.
Couple of questions around this:
On what basis does the responder reject the DH group:
1. Because the best match initiator SA payload
Montenegro
Subject: [IPsec] IKEv2 Diffie Hellman retry logic
Scenario: When the IKEv2 initiator guesses an incorrect DH group and the
responder sends back the DH group hint in INVALID_KE_PAYLOAD notification.
Couple of questions around this:
On what basis does the responder reject the DH group
