Re: more questions on IPsec VPN# Internet - 有缘千里一线牵
m*t
1 楼
I am just giving perspective from the spec point of view, HUgh actually may
have a lot in the practical world how the products implement the
features
IKE is a peer to peer protocol, taht means with proper policy imposed on
both peers, whenever a peer needs to talk to the other, it needs to
set up the SA first, so for the responder(the one who receives the packets),
the SA should have been in place since the initiator was supposed to
do the IKE whenever the initiator sees the outbound packets