Cisco Cisco Packet Data Gateway (PDG)
Access Control
Access Control via Blacklist or Whitelist
IPSec Reference, StarOS Release 18
Blacklisting
The sequence of events when implementing blacklisting is briefly described below:
- The initiator sends IKE_INIT_REQUEST to the responder.
- The responder replies with IKE_INIT_RESPONSE.
- Once the IKE_INIT_RESPONSE is done, the initiator sends IKE_AUTH_REQUEST to the responder along with its ID.
- Upon receipt of the IKE_AUTH_REQUEST, the responder checks for the presence of a matching peer ID in the blacklist.
- If the peer ID is present in the blacklist, the responder sends an IKE_AUTH_FAILURE to the initiator.
- Otherwise, the processing of IKE_AUTH_REQUEST follows the normal procedure for tunnel setup.
Figure 29. Blacklisting Implementation
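
The sequence above, modelled as a small Python responder. This is an added example, not StarOS code or configuration. The message names come from the text; the class and function names, the "DROP" and "CONTINUE_TUNNEL_SETUP" return values, the FQDN canonicalization rule and the sample blacklist entries are assumptions made for illustration.

```python
# Added example: toy model of the responder-side blacklist check (not StarOS code).
from dataclasses import dataclass, field

# IKEv2 identification types from RFC 7296, section 3.5 (subset).
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR = 1, 2, 3


def normalize(id_type, value):
    """Canonical form so equivalent IDs compare equal (assumed matching rule)."""
    value = value.strip()
    if id_type == ID_FQDN:
        value = value.lower().rstrip(".")  # DNS names are case-insensitive
    return (id_type, value)


@dataclass
class Responder:
    blacklist: set                                 # normalized (id_type, value) pairs
    init_done: set = field(default_factory=set)    # SPIs that completed IKE_INIT
    log: list = field(default_factory=list)        # audit trail of rejections

    def on_ike_init_request(self, spi):
        self.init_done.add(spi)
        return "IKE_INIT_RESPONSE"

    def on_ike_auth_request(self, spi, id_type, id_value):
        if spi not in self.init_done:
            return "DROP"  # assumption: IKE_AUTH without a prior IKE_INIT is ignored
        self.init_done.discard(spi)
        peer = normalize(id_type, id_value)
        if peer in self.blacklist:
            # Record the rejection so operators can see which IDs are hitting the list.
            self.log.append(("blacklist-reject", spi, peer))
            return "IKE_AUTH_FAILURE"
        return "CONTINUE_TUNNEL_SETUP"  # normal IKE_AUTH processing follows


def run_exchange(responder, spi, id_type, id_value):
    """Drive one initiator through the sequence; return the responder's replies."""
    return [responder.on_ike_init_request(spi),
            responder.on_ike_auth_request(spi, id_type, id_value)]


# Constructed sample blacklist entries (documentation address and domain ranges).
BLACKLIST = {normalize(ID_FQDN, "blocked-peer.example.net"),
             normalize(ID_IPV4_ADDR, "192.0.2.10")}
```

Comparing IDs in canonical form matters because the check keys on the ID the initiator presents: an entry stored as a lowercase FQDN should still match the same name sent with different casing or a trailing dot.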