Mode configuration, several requests from one peer
I have a question about mode configuration. If the same peer makes several config requests to a router (an 871 in my case) protected by one IKE SA, will it always get the same IP address from the responding router?
I would like to request more than one IP address for the peer using mode configuration requests - is this possible? I only want to request one IP address at a time but I would like to be assigned a new IP address for each request.
So far it seems that I get the same IP address in each config reply from the same peer (when sending requests belongning to the same IKE SA) but this could very well be because of some configuration error I have made so I would like to know whether it is possible to get different addresses.
Re: Mode configuration, several requests from one peer
Thanks for your reply. I agree with you that it doesn't seem possible. Is it because it's the same IKE SA or because it's the same peer? I.e. if the same peer would set up several IKE SAs to the router (which I don't know if it's possible) could it be allocated several IP addresses?
Is this limitation part of some standard or is it just a limitation of the Cisco implementation?
According to the IETF drafts regarding mode config (draft-dukes-ike-mode-cfg-02 for example) it should be possible to request more than one IP address in the same config request. Is this supported by Cisco IOS?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...