
ISAKMP gateway function



Hi

I've read through ISAKMPv8 and I was wondering if anyone could answer a
question for me.

Does ISAKMP/OAKLEY support the use of a gateway host that negotiates
IPSEC SAs on behalf of other end systems?  For example, gateway host A
negotiates an ISAKMP SA (phase 1) with host Z.  Then can host A
negotiate IPSEC SAs on behalf of end systems C, D, and E?  Host A would
then have to provide C, D, and E with the requisite keying material,
etc.
Is this supported by ISAKMP, and if so, how is this done?
If not, then does this mean that any end system that wants to have an
IPSEC SA with another end system must negotiate directly with that end
system?

Every end system would then have to store and run a copy of ISAKMP.

I appreciate any information you can provide.

Sincerely
Michael Giniger