Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Packet Data Interworking Function Overview
▀ Features and Functionality - Base Software
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
If the IKEv2 cookie feature is enabled, and the number of half-opened IPSec sessions exceeds the configured limit of
any integer between 0 and 100,000, the call setup is as shown in the figure below.
any integer between 0 and 100,000, the call setup is as shown in the figure below.
Figure 122. DoS Cookie-Challenge-Enabled IKEv2 Message Exchange
Table 66. DoS Cookie Challenge Enabled IKEv2 Message Exchange
Step
Description
1
The MS places a call to the WiFi AP.
2
The WiFi AP returns the IP address of the PDIF.
3
The MS sends an IKE_SA_INIT request. message.
4
The PDIF sends the Notify (cookie) payload to the MS to request retransmission of the IKE_SA_INIT request message to
include the Notify (cookie) payload in the message.
include the Notify (cookie) payload in the message.
5
Upon receipt of the retransmitted message, the PDIF verifies the cookie payload and ensures it is the same cookie as the
one it had sent.
one it had sent.
6
If the cookie challenge is met, setup continues as normal with an IKE_SA_INIT response message.
Cookie Challenge Statistics
Cookie challenge statistics appear in the outputs for the following commands: