[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP SA negotiation

To: Mary Quinn <mquinn@ftp.com>
Subject: Re: ISAKMP SA negotiation
From: Daniel Harkins <dharkins@cisco.com>
Date: Tue, 01 Jul 1997 08:03:46 -0700
Cc: jhoagla@ideal.jf.intel.com, ipsec@tis.com
In-Reply-To: Your message of "Tue, 01 Jul 1997 08:45:02 EDT." <199707011238.IAA19672@MAILSERV-2HIGH.FTP.COM>
Sender: owner-ipsec@ex.tis.com

  Mary,

>>Now, when site B receives the message, it consults its policies and
>>determines what SAs are acceptable to it.  It finds that both P1 and P2
>>are acceptable, but that P2 is preferred over P1.  Knowing that site A
>>prefers P1, which should site B choose to respond with?
>>
> 
> I have written an implementation of a policy data base/server. When 
> resolving a list of proposals, the preferences of the
> initiator are honored. So in the above example,  ISAKMP  would  use P1.

That might be what you'd do but my implmementation chooses P2. In the
example, B has his own policy priority settings; he wants P2 over P1.
In fact, if A offered P1, P2, P3, P4 and B wanted P4, P2, P1, P3, B
would select P4. I never let someone else override my local policy. It
was set like that for a reason.

  Dan.

References:

RE: ISAKMP SA negotiation

From: Mary Quinn <mquinn@ftp.com>

Prev by Date: RE: ISAKMP SA negotiation
Next by Date: SA negotiation
Prev by thread: RE: ISAKMP SA negotiation
Next by thread: Re: ISAKMP SA negotiation
Index(es):
- Main
- Thread