|Main Archive Page > Month Archives > ipsec archives|
>>> In an IKE_AUTH
>>> exchange, or in the subsequent INFORMATIONAL exchnage, only the
>>> following notifications cause the IKE SA to be deleted or not
>>> created, without a DELETE payload:
>>> o UNSUPPORTED_CRITICAL_PAYLOAD
>>> o INVALID_SYNTAX
>>> o AUTHENTICATION_FAILED
>>> Extension documents may define new error notifications with these
>>> semantics, but MUST NOT use them unless the peer is known to
>>> understand them.
>> In subsequent INFORMATIONAL exchanges the UNSUPPORTED_CRITICAL_PAYLOAD
>> should not be fatal. It only means that the responder ignored the
>> whole message and replied with UNSUPPORTED_CRITICAL_PAYLOAD. That does
>> not delete IKE SA.
>> For the IKE_AUTH the UNSUPPORTED_CRITICAL_PAYLOAD can delete the IKE
>> SA as IKE SA is not yet ready.
>That's what I meant. I will clarify this.
I would not expect INVALID_SYNTAX to cause the IKE SA to be deleted either.
IBM z/OS Communications Server Developer 1-415-545-2694 (T/L: 473-2694)