Implemented handling of UNITY_LOAD_BALANCE as reauthentication.

src/libcharon/sa/ikev1/task_manager_v1.c

@@ -1255,6 +1255,23 @@ METHOD(task_manager_t, queue_ike_reauth, void,
 	}
 	enumerator->destroy(enumerator);
 
+	if (!new->get_child_count(new))
+	{	/* check if a Quick Mode task is queued (UNITY_LOAD_BALANCE case) */
+		task_t *task;
+
+		enumerator = this->queued_tasks->create_enumerator(this->queued_tasks);
+		while (enumerator->enumerate(enumerator, &task))
+		{
+			if (task->get_type(task) == TASK_QUICK_MODE)
+			{
+				this->queued_tasks->remove_at(this->queued_tasks, enumerator);
+				task->migrate(task, new);
+				new->queue_task(new, task);
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+
 	if (new->initiate(new, NULL, 0, NULL, NULL) != DESTROY_ME)
 	{
 		charon->ike_sa_manager->checkin(charon->ike_sa_manager, new);

src/libcharon/sa/ikev1/tasks/informational.c

@@ -83,15 +83,23 @@ METHOD(task_t, process_r, status_t,
 				}
 				else if (type == UNITY_LOAD_BALANCE)
 				{
-					host_t *redirect;
+					host_t *redirect, *me;
 					chunk_t data;
 
 					data = notify->get_notification_data(notify);
-					redirect = host_create_from_chunk(AF_INET, data, 0);
+					redirect = host_create_from_chunk(AF_INET, data,
+													  IKEV2_UDP_PORT);
 					if (redirect)
-					{
+					{	/* treat the redirect as reauthentication */
 						DBG1(DBG_IKE, "received %N notify. redirected to %H",
 							 notify_type_names, type, redirect);
+						/* Cisco boxes reject the first message from 4500 */
+						me = this->ike_sa->get_my_host(this->ike_sa);
+						me->set_port(me, IKEV2_UDP_PORT);
+						this->ike_sa->set_other_host(this->ike_sa, redirect);
+						this->ike_sa->reauth(this->ike_sa);
+						enumerator->destroy(enumerator);
+						return DESTROY_ME;
 					}
 					else
 					{