The UE shall initiate the IKE SA deletion procedure by sending an INFORMATIONAL request message including a Delete payload to the N3IWF for untrusted non-3GPP access and the TNGF for trusted non-3GPP access as specified in
RFC 7296.
The Delete payload shall be defined with the Protocol ID set to "1" and no SPIs included in the Security Parameter Index field in the Delete payload. This indicates that the IKE security association and all IPsec ESP security associations that were negotiated within the IKE security association between:
-
the N3IWF for untrusted non-3GPP access; and
-
the TNGF for trusted non-3GPP access;
and the UE shall be deleted.
Upon reception of the INFORMATIONAL request message from the UE for deletion of the IKE SA, if the N3IWF for untrusted non-3GPP access and the TNGF for trusted non-3GPP access accepts the IKE SA deletion request, the N3IWF for untrusted non-3GPP access and the TNGF for trusted non-3GPP access shall send an empty INFORMATIONAL response message to the UE as specified in
RFC 7296.
After sending the empty INFORMATIONAL response message, the N3IWF for untrusted non-3GPP access and the TNGF for trusted non-3GPP access shall close the IKE SA and delete all IPsec child SAs associated with the IKE SA. In addition, the N3IWF for untrusted non-3GPP access and theTNGF for trusted non-3GPP access shall inform the AMF that the access stratum connection has been released.
Upon receiving the empty INFORMATIONAL response message, the UE shall close the IKE SA and delete all IPsec child SAs associated with the IKE SA. In addition, the UE shall inform the upper layers that the access stratum connection has been released.
If the UE does not receive any empty INFORMATIONAL response message from the N3IWF for untrusted non-3GPP access and the TNGF for trusted non-3GPP access, the UE shall discard all states associated with the IKE SA and any child SAs that were negotiated using that IKE SA. In addition, the UE shall inform the upper layers that the access stratum connection has been released.