3.1.4.2 Explicit IPsec Negotiation Request

The Authenticated Internet Protocol negotiation can be explicitly triggered by the user or administrator prior to packets being sent or received. The protocol then acts as the initiator for this negotiation. This trigger is a local higher layer triggering event and does not otherwise affect SA negotiation. When triggered this way, the initiator MUST create a main mode security association (MM SA) entry in the main mode security association database (MMSAD) containing encryption algorithm, hash algorithm, group description, life type, and life duration values before sending message #1 (section 3.2.4).