Cisco Cisco Packet Data Gateway (PDG)
IPSec Certificates
▀ Multiple Child SA (MCSA) Support
▄ IPSec Reference, StarOS Release 17
112
Child SA Creation by Responder
After negotiating a transform set (TS), the responder detects the need to create more child SAs to support configured
traffic selectors. It sends CREATE_CHILD_SA to create as many child SAs as required to meet the TS configuration.
The initiator completes subsequent child SA creations.
traffic selectors. It sends CREATE_CHILD_SA to create as many child SAs as required to meet the TS configuration.
The initiator completes subsequent child SA creations.
Figure 11. Child SA Creation Initiated by StarOS as Responder