[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proposed changes to ISAKMP/Oakley



In message <199710202101.OAA02410@dharkins-ss20>, Daniel Harkins writes:
> 
> I would agree that this should be mandatory. If constraints (like proxy ids)
> are given during negotiation they must be respected by all parties to the
> negotiation. Any other WG members have an opinion either way?

What about when they are *not* given? Many people seem to be refusing all
non-local packets in that case. It would be nice if people's policy engines
would simply allow all traffic between two routers to be protected without
negotiating specific proxy-IDs. This is (once again :-) the concept of
treating a tunnel as a logical, point-to-point link between two gateways.

Comments? 

-- 
Harald


Follow-Ups: References: