3.10.5.1 Receiving Message #1
The responder (1) processes all payloads prior to the correlation payload as per [RFC4306], [RFC4555], and [RFC4621]. Note that message #1 corresponds to the third packet in the IKEv2 exchange. See [RFC4306] section 1.2.
When the host receives the correlation payload, it MUST validate its generic header as specified in [RFC4306] section 3.2. Additionally, the host MUST:
See whether an existing IKE_SA in its SADB table matches the initiator and responder (1) SPIs from the correlation payload.
If there is an existing SA, the host MUST validate the correlation hash by computing its own value given its local SA state, and comparing it with the value of the correlation hash in the payload. If they are equal, the host flags these SAs as correlated.
Any failures in this exchange MUST NOT affect the state of the correlated IKE_SA.