4.1 Negotiation Discovery Examples

The following protocol sequence diagram depicts communication between a client with a negotiation discovery policy and a server with negotiation discovery in boundary mode.

Figure 18: Negotiation discovery between client and server

In this example, the client initiates a TCP connection to the server. At the same time that it sends the TCP SYN packet, the client initiates the IKE negotiation with the server. TCP traffic flows in the clear until the IKE negotiation completes with IKE message #6. After that point, the traffic for this connection is protected.

In the second example, the server requires all inbound traffic to be protected.

Figure 19: Negotiation discovery between client and server, all inbound traffic protected

In this example, the client initiates a TCP connection to the server. At the same time that it sends the TCP SYN packet, the client initiates the IKE negotiation with the server. The cleartext TCP SYN packets are dropped by the server and retransmitted by the client until the IKE negotiation completes with IKE message #6. The server then accepts the protected traffic.
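
The following toy timeline is an added illustration, not part of the specification: it replays both examples and reports which client-to-server TCP segments the server accepts in the clear, drops, or accepts protected. The policy labels `boundary` and `require_inbound`, the segment names, and the pacing of one IKE message per tick are assumptions made for the sketch.

```python
IKE_FINAL_MESSAGE = 6  # per the text: negotiation completes with IKE message #6

def simulate(server_policy, tcp_segments):
    """Return (tick, segment, outcome) tuples for one client-to-server flow.

    server_policy (hypothetical labels):
      "boundary"        - cleartext accepted while IKE is still negotiating
      "require_inbound" - cleartext dropped until negotiation has completed
    """
    if server_policy not in ("boundary", "require_inbound"):
        raise ValueError(f"unknown policy: {server_policy}")
    events, pending, tick, ike_done = [], list(tcp_segments), 0, 0
    while pending:
        tick += 1
        segment = pending[0]
        if ike_done >= IKE_FINAL_MESSAGE:
            outcome = "protected"   # negotiation finished, traffic is protected
        elif server_policy == "boundary":
            outcome = "clear"       # first example: flows in the clear
        else:
            outcome = "dropped"     # second example: client must retransmit
        events.append((tick, segment, outcome))
        if outcome != "dropped":
            pending.pop(0)          # delivered; move on to the next segment
        if ike_done < IKE_FINAL_MESSAGE:
            ike_done += 1           # assumption: one IKE message per tick
    return events

def cleartext_exposure(events):
    """Segments the server accepted without protection."""
    return [seg for _, seg, outcome in events if outcome == "clear"]

if __name__ == "__main__":
    # Constructed sample flow (client-to-server segments only).
    flow = ["SYN", "ACK", "DATA-1", "DATA-2", "DATA-3", "DATA-4", "DATA-5", "DATA-6"]
    for policy in ("boundary", "require_inbound"):
        timeline = simulate(policy, flow)
        print(policy, "accepted in clear:", cleartext_exposure(timeline))
        for event in timeline:
            print("  tick %2d  %-7s %s" % event)
```

With the boundary policy, everything sent before message #6 is readable on the wire; with the second policy nothing is accepted in the clear, at the cost of SYN retransmissions during negotiation.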
