Why is the entire IKE identification payload encrypted?


  • Hi,

    I am trying to debug an IKE exchange between Windows 7 and a device I am developing. Our device rejects the IKE Identification (5) payload because the payload header is not in the clear. For the pre-shared key authentication, Windows 7 sends an ISAKMP payload with next payload set to "Identification (5)", but the payload consists of 40 bytes of encrypted data with no header. RFC 2409 states that the entire payload should be encrypted EXCEPT for the generic payload header. Can anyone shed some light on why Windows is not including a plaintext header in this Identification payload?


    Tuesday, 13 March 2012 14:31
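
An added example, not part of the original post: a Python parser for the fixed ISAKMP header defined in RFC 2408 that checks the Encryption flag before it looks for any generic payload header. When the flag is set, everything after the 28-byte header is ciphertext. The sample messages are constructed, and the 40-byte encrypted body mirrors the size described in the post.

```python
import struct

ISAKMP_HDR_LEN = 28       # RFC 2408 fixed header: cookies, types, flags, id, length
FLAG_ENCRYPTION = 0x01    # E bit in the flags octet
NAMES = {1: "SA", 4: "Key Exchange", 5: "Identification", 8: "Hash", 10: "Nonce"}

def parse_isakmp(datagram):
    """Return cleartext header fields plus either ciphertext size or payload list."""
    if len(datagram) < ISAKMP_HDR_LEN:
        raise ValueError("shorter than an ISAKMP header")
    _ick, _rck, nxt, _ver, exch, flags, _mid, length = struct.unpack(
        "!8s8sBBBBII", datagram[:ISAKMP_HDR_LEN])
    if length < ISAKMP_HDR_LEN or length > len(datagram):
        raise ValueError("bad ISAKMP length field")
    body = datagram[ISAKMP_HDR_LEN:length]
    info = {"exchange": exch, "first_payload": NAMES.get(nxt, str(nxt)),
            "encrypted": bool(flags & FLAG_ENCRYPTION)}
    if info["encrypted"]:
        # Everything after the 28-byte header is ciphertext; the first payload's
        # generic header is readable only after decryption with the ISAKMP SA key.
        info["ciphertext_len"] = len(body)
        return info
    payloads, off = [], 0
    while nxt != 0:
        if off + 4 > len(body):
            raise ValueError("truncated generic payload header")
        following, _rsvd, plen = struct.unpack("!BBH", body[off:off + 4])
        if plen < 4 or off + plen > len(body):
            raise ValueError("bad payload length")
        payloads.append((NAMES.get(nxt, str(nxt)), plen - 4))
        nxt, off = following, off + plen
    info["payloads"] = payloads
    return info

def sample_messages():
    """Constructed samples: an encrypted Main Mode message and a cleartext one."""
    cookies = bytes(range(16))
    enc = cookies + struct.pack("!BBBBII", 5, 0x10, 2, FLAG_ENCRYPTION, 0, 28 + 40)
    enc += b"\xa5" * 40                       # filler standing in for ciphertext
    nonce = struct.pack("!BBH", 0, 0, 20) + b"\x11" * 16
    clear = cookies + struct.pack("!BBBBII", 10, 0x10, 2, 0, 0, 28 + 20) + nonce
    return enc, clear

if __name__ == "__main__":
    for msg in sample_messages():
        print(parse_isakmp(msg))
```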