3.8.5.1 Receiving Message #1

On receipt of message #1, the host MUST validate the message, as specified in [RFC2408] section 5. If message #1 is correctly validated, the host MUST delete the corresponding SA and MUST construct message #2 in response, as follows:

  • The message MUST consist only of an ISAKMP header as specified in [RFC2408] section 3.1, a Hash payload as specified in [RFC2408] section 3.11, a Delete payload as specified in [RFC2408] section 3.15, and a Nonce payload structured as specified in [RFC2408] section 3.13.

  • The ISAKMP header MUST be constructed as specified in [RFC2408] section 3.1. The Message ID field MUST be copied from message #1.

  • The Hash payload MUST be constructed in the following manner:

     HASH(2) = prf(SKEYID_a, Ni | M-ID | Nr | Delete)
    

    Once computed as above, this hash value MUST be sent in the wire format specified in section 3.11 of [RFC2408].

  • The Ni payload is the Nonce payload without a generic payload header.

  • The Delete payload MUST be copied from message #1.

  • The Nr payload is a Nonce payload and MUST be constructed as specified in [RFC2408] section 3.13.

Otherwise, the host MUST silently discard message #1.
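The HASH(2) computation and Hash payload framing described above, as an added example that is not part of the specification. It assumes HMAC-SHA1 as the negotiated prf, that Nr enters the hash without its generic payload header in the same way as Ni, and that the Delete payload enters whole; the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

def payload_body(payload: bytes) -> bytes:
    """Strip the 4-byte generic payload header after checking its length field."""
    if len(payload) < 4:
        raise ValueError("payload shorter than generic payload header")
    length = struct.unpack("!H", payload[2:4])[0]
    if length != len(payload):
        raise ValueError("payload length field does not match received data")
    return payload[4:]

def hash2(skeyid_a, ni_payload, message_id, nr_payload, delete_payload,
          digest=hashlib.sha1):
    """HASH(2) = prf(SKEYID_a, Ni | M-ID | Nr | Delete), prf assumed to be HMAC."""
    if len(message_id) != 4:
        raise ValueError("Message ID must be exactly 4 bytes")
    # Assumption: Ni and Nr are hashed as nonce data only (no generic header);
    # the Delete payload copied from message #1 is hashed in full.
    data = (payload_body(ni_payload) + message_id
            + payload_body(nr_payload) + delete_payload)
    return hmac.new(skeyid_a, data, digest).digest()

def hash_payload(next_payload: int, hash_value: bytes) -> bytes:
    """Frame the hash: next payload, reserved (0), payload length, hash data."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(hash_value)) + hash_value

def verify_hash2(received: bytes, *args, **kwargs) -> bool:
    """Recompute HASH(2) and compare in constant time, as the peer would."""
    return hmac.compare_digest(received, hash2(*args, **kwargs))

# Constructed sample values (not taken from any real exchange).
SKEYID_A = bytes(range(20))
MESSAGE_ID = bytes.fromhex("1a2b3c4d")
NI = struct.pack("!BBH", 0, 0, 20) + b"\x11" * 16
NR = struct.pack("!BBH", 0, 0, 20) + b"\x22" * 16
# Delete payload: generic header, DOI, protocol ID, SPI size, SPI count, SPI.
DELETE = (struct.pack("!BBHIBBH", 0, 0, 28, 1, 1, 16, 1)
          + b"\xaa" * 8 + b"\xbb" * 8)

if __name__ == "__main__":
    h = hash2(SKEYID_A, NI, MESSAGE_ID, NR, DELETE)
    print("HASH(2):", h.hex())
    print("Hash payload:", hash_payload(12, h).hex())
```

A receiver that recomputes the hash with `verify_hash2` rejects a message whose Delete payload, Message ID, or nonces differ from those of the exchange, which is the condition for the silent discard.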