3.9.5.3 Receiving Message #3

On receipt of message #3, the host MUST validate the message, as specified in [RFC2408] section 5. In addition, the host MUST:

• Verify that the Responder Cookie field in the ISAKMP header is not zero.

• Verify that the Responder Cookie field in the ISAKMP header is the same as the cookie sent in the Notify payload of message #2. The actual verification mechanism is implementation-dependent.<28>

If this verification succeeds, the host MUST process message #3 as a normal ISAKMP message. Otherwise, the host MUST process message #3 in the same way as message #1.

Subsequent messages received for this SA on the host in DoS Protection mode MUST be processed the same as message #3.

Subsequent messages received for SAs for which no state exists in the SAD MUST be processed in the same way as message #1.