IPsec tunnel identification attributes

Table: Disconnect Message: IPsec tunnel identification attributes details the different attributes that can be used in a Disconnect Message to identify one or multiple IKEv2 remote-access tunnels.

Table: Disconnect Message: IPsec tunnel identification attributes
ID method1 Attribute ID Attribute Name Notes Identifies

1

87

NAS-Port-Id

NAS-Port-Id+

Alc-IPsec-Serv-Id +

a single IP Address or IPv6 Prefix attribute

Single IPsec Tunnel

26.6527.61

Alc-IPSec-Serv-Id

8

97

Framed-IP-Address

Framed-IPv6-Prefix

2

44

Acct-Session-Id

Single IPsec Tunnel for a public service

3

1

User-Name

All IPsec Tunnels with the User-Name as the IDi2
Parent topic: RADIUS CoA and disconnect message attributes
1 Only one of the three identification methods should be used in a Disconnect Request, otherwise the system rejects it by sending a Disconnect-NAK with [101] Error-Cause value set to 404 (Invalid Request).
2 If there are multiple tunnels having the specified IDi, then all these tunnels are terminated.