Thanks. I thought it is only checked during key negotiation and ignored during transmission.
Actually, I'm wondering if it is necessary to binding the IP address. Actually, if X509 certificates or some other credentials are used during IKE/IKEv2, source IP address is not a big issue any more. Adversaries can spoof IP address but cannot spoof those credentials
|