Re: Mode configuration, several requests from one peer

AKAnderson · ‎03-27-2007

Hi,

I have a question about mode configuration. If the same peer makes several config requests to a router (an 871 in my case) protected by one IKE SA, will it always get the same IP address from the responding router?

I would like to request more than one IP address for the peer using mode configuration requests - is this possible? I only want to request one IP address at a time but I would like to be assigned a new IP address for each request.

So far it seems that I get the same IP address in each config reply from the same peer (when sending requests belongning to the same IKE SA) but this could very well be because of some configuration error I have made so I would like to know whether it is possible to get different addresses.

Thanks,

Kristin

wong34539 · ‎04-02-2007

I dont think it is possible to have different IP addresses allocated for different config requests belonging to same IKE SA by the same peer .

AKAnderson · ‎04-02-2007

Thanks for your reply. I agree with you that it doesn't seem possible. Is it because it's the same IKE SA or because it's the same peer? I.e. if the same peer would set up several IKE SAs to the router (which I don't know if it's possible) could it be allocated several IP addresses?

Is this limitation part of some standard or is it just a limitation of the Cisco implementation?

According to the IETF drafts regarding mode config (draft-dukes-ike-mode-cfg-02 for example) it should be possible to request more than one IP address in the same config request. Is this supported by Cisco IOS?

Thanks again,

Kristin