Negotiating Transforms
Inside a transform set, IPSec transforms are numbered
in a priority sequence.
- During negotiation as the initiator of the user SA, the
router proposes transform number one first. If the remote system does
not agree on the transform, the router then tries number two, and
so on. If the two end systems cannot agree on any transform, the user SA
fails and the secure IP tunnel is not established.
- During negotiation as a responder, the router compares
the proposed transform from the remote end against each transform
in the transform set. If there is no match, the router sends a
negative answer to the remote end, which can either try another transform
or give up. If no match is ever found, the secure IP tunnel is not established.
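The negotiation described above, modelled as an added example (not the router's own code). The `Transform` fields, the function names and the sample transform sets are assumptions made for illustration, and the model sends one proposal at a time as the text describes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transform:
    protocol: str
    encryption: str
    authentication: str

def responder_accepts(proposal, responder_set):
    # Responder compares the proposal against each transform in its own set.
    return any(proposal == candidate for candidate in responder_set)

def negotiate(initiator_set, responder_set):
    """Initiator proposes transform number one first, then two, and so on.
    Returns (agreed transform or None, log of (number, transform, answer))."""
    log = []
    for number, proposal in enumerate(initiator_set, start=1):
        if responder_accepts(proposal, responder_set):
            log.append((number, proposal, "accept"))
            return proposal, log
        log.append((number, proposal, "reject"))  # negative answer, try next
    return None, log  # no agreement: user SA fails, no tunnel

def selectable(set_a, set_b):
    # Audit view: every transform the two sets have in common.
    return [t for t in set_a if t in set_b]

# Constructed sample transform sets (names are illustrative only).
AES = Transform("ESP", "aes-256", "hmac-sha-256")
TDES = Transform("ESP", "3des", "hmac-sha1")
DES = Transform("ESP", "des", "hmac-md5")
ROUTER_A = [AES, TDES, DES]   # A's priority: strongest first
ROUTER_B = [DES, TDES]        # B's priority: DES is number one

if __name__ == "__main__":
    for name, (init, resp) in {"A initiates": (ROUTER_A, ROUTER_B),
                               "B initiates": (ROUTER_B, ROUTER_A)}.items():
        agreed, log = negotiate(init, resp)
        print(name, "->", agreed)
        for number, proposal, answer in log:
            print(f"  #{number} {proposal.encryption}/{proposal.authentication}: {answer}")
```

With these constructed sets the agreed transform differs depending on which router initiates, because only the initiator's numbering decides the order of proposals. A transform that must never be used therefore has to be removed from the set rather than given a low priority.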