
Which SPD we have to use ?



Hello,

Even though the same question was asked by someone earlier, I feel nobody
responded to it well. Will anyone take some time and answer the questions
below?

w.r.t draft-ietf-ipsec-isakmp-08.txt.

When an outgoing packet does not find any SA associated with it, and IPSEC
processing has to be applied to it, then we have to start negotiating. For
this we have to send proposals (maybe more than one) to the responder.

* Are the proposals to be sent taken from the INBOUND SPD or the OUTBOUND
SPD at the initiator?

* How does the responder select the SPD entry when he receives the
proposals, since selectors are not available? Does he select from the
INBOUND SPD or the OUTBOUND SPD?

* I feel that for one negotiation, altogether 4 SAs are created, like:

Initiator - Inbound and Outbound SA -- 2 SAs
Responder - Inbound and Outbound SA -- 2 SAs
Total 4 SAs. Am I right?
And if any one of these SAs times out (hard lifetime), then do we need to
terminate all 4 SAs? How?

* Once the negotiation is over, how do the initiator and responder link
the INBOUND and OUTBOUND SAs with the corresponding INBOUND and OUTBOUND
SPD entries, for all 4 SAs that are created?

* What happens when an INBOUND SA's soft lifetime times out? Will it start
renegotiation? I feel only the OUTBOUND SA can initiate the renegotiation
process.

* If an SA times out (hard lifetime), do we need to delete all the SAs
in the SA bundle to which it belongs?

Thanking you all

SrinivasRao. B. Kulkarni                             
Rendezvous On Chip Pvt Ltd.
First Floor, Plot No. 14,
NewVasaviNagar, Kharkhana,
SECUNDERABAD - 500019. 
INDIA
Ph : (040)7742606
email address : srinu@trinc.com