3.6.5.1 Received Extended Mode First Exchange Response
Figure 19: Extended Mode First Exchange Response packet
If the initiator receives the above packet while it is not in the Extended Mode First Request Sent State (see section 3.6.7.1), it MUST tear down the corresponding main mode (MM) if it can match the packet to an existing main mode; otherwise, it MUST silently discard the packet.
If the initiator encounters any errors in the processing of this message, it MUST be treated as an Invalid Message event. See section 3.6.5.3.
On receiving the above packet in Extended Mode First Request Sent State (see section 3.6.7.1), the initiator MUST verify that message #3 (in the diagram above) is constructed as follows:
HDR: The ISAKMP header MUST be identical to the first IKE phase 2 initiator packet, as specified in [RFC2409] section 5.5, except that the exchange type MUST be 243 (MM exchange type). The Encrypted flag SHOULD NOT be set.<17>
The remaining payloads MUST follow a non-encrypted Crypto payload.
GSS-API: This payload MUST be constructed as specified in [GSS] and section 2.2.3.1.
If the initiator encounters no errors in processing this message, it MUST start a GSS-API exchange by transitioning to the GSS_API Start state (see the GSS state machine in section 3.8).
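The following Python sketch is an added example, not code from this specification. It shows the state check and the HDR checks described above, treating the MUST on exchange type 243 as a rejection and the SHOULD NOT on the Encrypted flag as a warning. The names `mm_table`, `Action`, `sample_packet` and the state string are hypothetical, matching the message ID against the pending request is an assumption, and validation of the Crypto and GSS-API payloads is not covered.

```python
import struct
from enum import Enum

# RFC 2408 fixed header: cookies, next payload, version, exchange type, flags, message ID, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCH_MM = 243          # exchange type this section requires
FLAG_ENCRYPTED = 0x01  # RFC 2408 Encryption bit

class Action(Enum):
    START_GSS = "transition to GSS_API Start"
    INVALID_MESSAGE = "Invalid Message event (section 3.6.5.3)"
    TEAR_DOWN_MM = "tear down the matched main mode"
    DISCARD = "silently discard"

def sample_packet(icookie, rcookie, exch, flags, msg_id, body=b""):
    """Constructed test input: header plus opaque payload bytes."""
    length = ISAKMP_HDR.size + len(body)
    return ISAKMP_HDR.pack(icookie, rcookie, 0, 0x10, exch, flags, msg_id, length) + body

def handle_response(packet, mm_table):
    """mm_table (hypothetical): {(icookie, rcookie): {"state": str, "msg_id": int}}.
    Returns (Action, warnings)."""
    if len(packet) < ISAKMP_HDR.size:
        return Action.DISCARD, []   # no header, so no main mode can be matched
    icookie, rcookie, _np, _ver, exch, flags, msg_id, length = ISAKMP_HDR.unpack_from(packet)
    mm = mm_table.get((icookie, rcookie))
    if mm is None:
        return Action.DISCARD, []
    if mm["state"] != "EM_FIRST_REQUEST_SENT":
        return Action.TEAR_DOWN_MM, []
    # In the expected state: any processing error is an Invalid Message event.
    if exch != EXCH_MM or length != len(packet):
        return Action.INVALID_MESSAGE, []
    if msg_id != mm["msg_id"]:      # assumption: response reuses the request's message ID
        return Action.INVALID_MESSAGE, []
    warnings = ["Encrypted flag set (SHOULD NOT)"] if flags & FLAG_ENCRYPTED else []
    return Action.START_GSS, warnings

if __name__ == "__main__":
    table = {(b"I" * 8, b"R" * 8): {"state": "EM_FIRST_REQUEST_SENT", "msg_id": 7}}
    print(handle_response(sample_packet(b"I" * 8, b"R" * 8, 243, 0, 7), table))
```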