Re: Per-socket policy and ISAKMP
Dan,
The model I've been assuming calls for the SPD to be consulted when
a new SA is created, irrespective of whether one is the initiator or
responder. If the intent of the local policy is to require SHA-1 for all
SAs, then that should be reflected in the policy database and I would
suggest that it result in a failed ISAKMP negotiation, to avoid later
discarding of packets.
Steve