Cisco's implementation of RFC 2406: IP Encapsulating Security Payload (ESP)

Discussion in 'Cisco' started by philbo30, Dec 19, 2007.

  1. philbo30

    philbo30 Guest

    Page 14 of RFC 2406 states:

    If the ICV validation fails, the receiver MUST discard the received IP
    datagram as invalid; this is an auditable event. The audit log entry
    for this event SHOULD include the SPI value, date/time received,
    Source Address, Destination Address, the Sequence Number, and (in
    IPv6) the Flow ID.

    Cisco claims that RFC 2406 is supported, thus, upon an ICV validation
    failure, it is fair to assume that an audit message would be generated
    per the RFC.

    So, two questions:

    1. What is this log message?
    2. What's the URL to Cisco that explains it?

    In advance, thanks for any info.
    philbo30, Dec 19, 2007
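The receiver behaviour quoted above (discard on ICV failure, then write an audit record carrying the SPI, time received, source, destination, sequence number and, for IPv6, the flow ID) can be shown in a small integrity-only ESP model. The code below is an added example for this thread; it is not code from Cisco or from any poster, and it does not claim to show what a Cisco device logs. It assumes HMAC-SHA1-96 as the authenticator (RFC 2404: the ICV is the leading 12 bytes of HMAC-SHA1 over everything before the ICV), models no encryption, and uses hypothetical names (`build_esp`, `receive_esp`, `AuditEntry`) and constructed addresses and keys.

```python
import hmac
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Assumption: HMAC-SHA1-96 (RFC 2404), so the ESP ICV is the first 96 bits of HMAC-SHA1.
ICV_LEN = 12
ESP_HDR_LEN = 8  # SPI (4 bytes) + Sequence Number (4 bytes)


def compute_icv(key: bytes, authenticated: bytes) -> bytes:
    """ICV over SPI, Sequence Number, payload and trailer: every byte except the ICV itself."""
    return hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]


def build_esp(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side (hypothetical helper): ESP header + payload + ICV. Encryption is omitted."""
    body = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return body + compute_icv(key, body)


@dataclass
class AuditEntry:
    """The items RFC 2406 says the audit log entry SHOULD include."""
    spi: Optional[int]
    seq: Optional[int]
    src: str
    dst: str
    received_at: str
    flow_id: Optional[int]  # IPv6 Flow ID; None for IPv4

    def format(self) -> str:
        # One syslog-style line per failed datagram (constructed format, not a vendor message).
        return (f"ESP-ICV-FAIL spi={self.spi} seq={self.seq} src={self.src} dst={self.dst} "
                f"time={self.received_at} flow_id={self.flow_id}")


def receive_esp(key: bytes, packet: bytes, src: str, dst: str,
                audit_log: List[AuditEntry], flow_id: Optional[int] = None,
                now: Optional[datetime] = None) -> Optional[bytes]:
    """Receiver side. Returns the payload if the ICV validates; otherwise the datagram is
    discarded (None is returned) and an audit entry is appended, as the RFC text requires."""
    received_at = (now or datetime.now(timezone.utc)).isoformat()
    spi = seq = None
    if len(packet) >= ESP_HDR_LEN + ICV_LEN:
        spi = int.from_bytes(packet[0:4], "big")
        seq = int.from_bytes(packet[4:8], "big")
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        # Constant-time comparison so timing does not reveal how many ICV bytes matched.
        if hmac.compare_digest(compute_icv(key, body), icv):
            return body[ESP_HDR_LEN:]
    # Too short to carry a header plus ICV, or ICV mismatch: discard and audit.
    audit_log.append(AuditEntry(spi, seq, src, dst, received_at, flow_id))
    return None


if __name__ == "__main__":
    # Constructed sample: one good datagram, then the same datagram with one ICV byte flipped.
    key = b"\x11" * 20
    log: List[AuditEntry] = []
    good = build_esp(key, spi=0x1000, seq=7, payload=b"inner IP datagram")
    print("valid  ->", receive_esp(key, good, "10.0.0.1", "10.0.0.2", log))
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    print("tamper ->", receive_esp(key, tampered, "10.0.0.1", "10.0.0.2", log))
    for entry in log:
        print(entry.format())
```

The receiver logs exactly the fields the RFC lists and nothing from the payload, which is what a reviewer would check when comparing a vendor's message format against the RFC text; a datagram too short to hold a header and ICV is discarded and audited too, with the unparsable fields left empty rather than guessed.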
  2. Hi,

    I think that "this is an auditable event" means just what it says... that's
    to say that auditing this event is not mandatory and if it is done, it
    SHOULD (but it's not a MUST) include the SPI, etc.

    Gabriele Beltrame, Dec 20, 2007
  3. philbo30

    philbo30 Guest

    I disagree. "Is an auditable event" implies that auditing the event is
    not an option, a log entry must be created to comply with the RFC. On
    the other hand, what is optional is the combination of informational
    items included in the mandatory log entry.

    Anyway, Cisco claims support for the RFC, so it will be interesting to
    find out how they are handling this particular part of it.
    philbo30, Dec 20, 2007
  4. Hi,

    Maybe I'm wrong then, but what's the sense of having a mandatory audit event
    and then optional but suggested information?

    Note that RFC 2406 is now obsoleted by RFC 4303.
    From a very cursory look at the new RFC I think that the "auditable event"
    has gone missing.

    Gabriele Beltrame, Dec 20, 2007
