For Cisco Packet Data Gateway (PDG)
Access Control
Access Control via Blacklist or Whitelist
IPSec Reference, StarOS Release 18
Whitelisting
The sequence of events when implementing whitelisting is briefly described below:
1. The initiator sends IKE_INIT_REQUEST to the responder.
2. The responder replies with IKE_INIT_RESPONSE.
3. Once the IKE_INIT_RESPONSE is done, the initiator sends IKE_AUTH_REQUEST to the responder along with its ID.
4. Upon receipt of the IKE_AUTH_REQUEST, the responder checks for the presence of a matching peer ID in the whitelist.
5. If the peer ID is present in the whitelist, the IKE_AUTH_REQUEST is processed normally. Otherwise, the gateway sends an IKE_AUTH_FAILURE to the initiator.
Figure 30. Whitelist Implementation
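The responder-side check in the last two steps, as an added example (not StarOS code or configuration). It assumes the IKEv2 Identification payload layout from RFC 7296 section 3.5, a whitelist keyed on (ID type, value), and case-insensitive name matching; the `PROCESS_IKE_AUTH` label and all sample IDs are constructed for illustration.

```python
import ipaddress

# IKEv2 ID types from RFC 7296, section 3.5 (subset handled here).
ID_IPV4_ADDR, ID_FQDN, ID_RFC822_ADDR, ID_IPV6_ADDR = 1, 2, 3, 5


def parse_id_payload(body: bytes):
    """Decode an ID payload body: 1-byte type, 3 reserved bytes, then the data."""
    if len(body) < 5:
        raise ValueError("ID payload too short")
    id_type, data = body[0], body[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type == ID_IPV6_ADDR and len(data) == 16:
        return id_type, str(ipaddress.IPv6Address(data))
    if id_type in (ID_FQDN, ID_RFC822_ADDR):
        # Assumption: names compare case-insensitively, trailing dot ignored.
        return id_type, data.decode("ascii").lower().rstrip(".")
    raise ValueError("unsupported or malformed ID type %d" % id_type)


def check_peer(body: bytes, whitelist: set) -> str:
    """Return the responder's decision for the ID carried in IKE_AUTH_REQUEST."""
    try:
        peer = parse_id_payload(body)
    except ValueError:  # also covers UnicodeDecodeError; fail closed
        return "IKE_AUTH_FAILURE"
    # Matching on (type, value) keeps an FQDN that spells an IP address
    # from satisfying an IPv4 whitelist entry.
    return "PROCESS_IKE_AUTH" if peer in whitelist else "IKE_AUTH_FAILURE"


def id_payload(id_type: int, data: bytes) -> bytes:
    """Build a constructed ID payload body for the samples below."""
    return bytes([id_type, 0, 0, 0]) + data


# Constructed whitelist and peer IDs (documentation address ranges/names).
WHITELIST = {(ID_FQDN, "ue1.example.net"), (ID_IPV4_ADDR, "192.0.2.10")}

if __name__ == "__main__":
    samples = [
        id_payload(ID_FQDN, b"UE1.Example.NET"),
        id_payload(ID_IPV4_ADDR, bytes([192, 0, 2, 10])),
        id_payload(ID_FQDN, b"192.0.2.10"),      # right value, wrong ID type
        id_payload(ID_FQDN, b"rogue.example.org"),
        b"\x02\x00",                             # truncated payload
    ]
    for s in samples:
        print(s.hex(), "->", check_peer(s, WHITELIST))
```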