Cisco Cisco Packet Data Interworking Function (PDIF) Prospecto
IPSec Certificates
Multiple Child SA (MCSA) Support ▀
Cisco StarOS IP Security (IPSec) Reference ▄
111
Call Flows
Child SA Creation by Initiator
With crypto template configuration, Child SA creation is initiated by the IKE_INIT initiator through a
CREATE_CHILD_SA exchange or by StarOS acting as the responder. The first Child SA is created using the first
traffic selector. After creating the first Child SA, the initiator requests the second Child SA using the second traffic
selector. The responder completes the creation of the second Child SA.
CREATE_CHILD_SA exchange or by StarOS acting as the responder. The first Child SA is created using the first
traffic selector. After creating the first Child SA, the initiator requests the second Child SA using the second traffic
selector. The responder completes the creation of the second Child SA.
Figure 10. Child SA Creation Initiated by IKE_INIT