SPI-Based health checking mechanism for IPSEC
This document describes a diagnostic protocol for unexpected failures between IPSEC gateways. The method covers two parts as IKE[1] consists of two phases. One is echo request/reply message between two IPSEC gateways to confirm health of IKE peer and the other is exchanging of IPSEC-SA SPI to assure exact state of IPSEC-SA. Two new Notification Payload message type is defined, SPI-PING-REQUEST and SPI-PING-REPLY