[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPsec DOI v7 - comment
Section 4.4.1 of ipsec-doi-v7 states :-
The ISAKMP proposal syntax was specifically designed to allow for
the simultaneous negotiation of multiple security protocol suites
within a single negotiation. As a result, the protocol suites listed
below form the set of protocols that can be negotiated at the same
time. It is a host policy decision as to what protocol suites might
be negotiated together.
The following table lists the values for the Security Protocol
Identifiers referenced in an ISAKMP Proposal Payload for the IPSEC
DOI.
Protocol ID Value
RESERVED 0
PROTO-ISAKMP 1
PROTO-IPSEC-AH 2
PROTO-IPSEC-ESP 3
PROTO-IPCOMP 4
Q. When is it possible to negotiate a PROTO-ISAKMP SA AND
PROTO-IPSEC-* SA "at the same time"
Is it not the case that :
PROTO-ISAKMP is negotiated in phase 1 ONLY and
PROTO-IPSEC-* negotiated in phase 2 ONLY
- Elfed
****************************************************
"The views expressed above are entirely those of
the writer and do not represent the views, policy or
understanding of any other person or official body."
Elfed T. Weaver
DERA
Malvern
UK
weaver@hydra.dra.hmg.gb
****************************************************
Follow-Ups: