When inbound or outbound packets trigger AuthIP negotiation based on standard IPsec processing rules ([RFC4301] section 5), the protocol acts as the initiator for this negotiation and sends message #1 of the first main mode (MM) exchange (section 3.2.4). The initiator MUST create a main mode security association (MM SA) entry in its main mode security association database (MMSAD) containing encryption algorithm, hash algorithm, group description, life type, and life duration values before sending message #1.
In the new MMSAD entry, the initiator MUST also copy the values "Require Impersonation MM" and "Require Impersonation EM" from the SPD to the Impersonation active MM and Impersonation active EM flags, and copy the ImpersonationHandle value representing the user that generated the traffic to ImpersonationHandle.