3.9.5.2 Receiving Message #2

On receipt of message #2, the host MUST validate the message, as specified in [RFC2408] section 5. In addition, the host MUST:

  • Verify that the message contains a single Notify payload, that the notify message type is set to NOTIFY_DOS_COOKIE, and that the notification data contains an 8-byte cookie value. No checks on the actual value are performed at this stage.

If this verification succeeds, the host MUST construct message #3 as follows:

  • Message #3 is the same as message #1, except that the Responder Cookie field of the ISAKMP header ([RFC2408] section 3.1) is set to the cookie from the NOTIFY_DOS_COOKIE Notify payload in message #2.

Otherwise, the host MUST process message #2 as a normal ISAKMP message.
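
The following Python example is added here and is not part of the specification. It applies the checks above to a raw, unencrypted message #2 and builds message #3 from message #1. The numeric value of NOTIFY_DOS_COOKIE, the reading of "a single Notify payload" as the only payload in the message, the function names, and the sample messages are assumptions. The general validation of [RFC2408] section 5 is not covered.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1 header, 28 bytes
NOTIFY_HDR = struct.Struct("!BBHIBBH")     # generic header + DOI, protocol, SPI size, type
PAYLOAD_NOTIFY = 11                        # RFC 2408 payload type: Notification
NOTIFY_DOS_COOKIE = 0x9C44                 # ASSUMED value; not given on this page


def extract_dos_cookie(msg2: bytes):
    """Return the 8-byte cookie if message #2 passes the checks above, else None."""
    if len(msg2) < ISAKMP_HDR.size + NOTIFY_HDR.size:
        return None
    _ic, _rc, first, _ver, _xchg, _flags, _mid, length = ISAKMP_HDR.unpack_from(msg2)
    if length != len(msg2) or first != PAYLOAD_NOTIFY:
        return None
    body = msg2[ISAKMP_HDR.size:]
    nxt, _rsvd, plen, _doi, _proto, spi_size, ntype = NOTIFY_HDR.unpack_from(body)
    # "Single Notify payload" is read here as: nothing is chained after it and
    # it fills the whole message body (an interpretation, not the page's wording).
    if nxt != 0 or plen != len(body):
        return None
    data = body[NOTIFY_HDR.size + spi_size:]  # notification data follows the SPI
    if ntype != NOTIFY_DOS_COOKIE or len(data) != 8:
        return None
    return data  # the cookie value itself is not checked at this stage


def build_message3(msg1: bytes, msg2: bytes):
    """Message #1 with the Responder Cookie field (bytes 8..15) replaced."""
    cookie = extract_dos_cookie(msg2)
    if cookie is None:
        return None  # caller processes message #2 as a normal ISAKMP message
    return msg1[:8] + cookie + msg1[16:]


def sample_messages(ntype=NOTIFY_DOS_COOKIE, cookie=b"\xa1" * 8):
    """Constructed sample traffic; header fields that are not checked are arbitrary."""
    icookie = b"\x11" * 8
    sa = b"\x00" * 20  # stand-in for the payloads of message #1
    msg1 = ISAKMP_HDR.pack(icookie, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28 + len(sa)) + sa
    notify = NOTIFY_HDR.pack(0, 0, 12 + len(cookie), 1, 1, 0, ntype) + cookie
    msg2 = ISAKMP_HDR.pack(icookie, b"\x00" * 8, PAYLOAD_NOTIFY, 0x10, 5, 0, 0,
                           28 + len(notify)) + notify
    return msg1, msg2


if __name__ == "__main__":
    m1, m2 = sample_messages()
    print(build_message3(m1, m2).hex())
```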