
Re: [Q] SA lookup on receive



Abraham,

>When an ipsec packet is received, an SA is looked up using the
>tuple <dest-ip,spi,protocol>. Must the dest-ip be a local ip
>address of the security gateway? What if the dest-ip address is
>the address of an internal host?

Any SA involving a security gateway MUST be a tunnel mode SA, so the outer
IP address will be that of the gateway, not of the internal (ultimate
destination) host.  The latter address will be in the inner IP header.

Steve
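Added example, not part of the original message: a minimal receive-side lookup keyed on <dest-ip, spi, protocol>, run over a constructed AH tunnel-mode packet so the inner header is readable without decryption. The gateway address 192.0.2.1, the internal host 10.0.0.5, the SPI and the `SAD` table are all assumptions made for illustration; ICV and checksum verification are omitted.

```python
import ipaddress
import struct

AH, ESP = 51, 50

# Constructed SAD for a hypothetical gateway at 192.0.2.1.
SAD = {("192.0.2.1", 0x1000, AH): {"mode": "tunnel", "name": "gw-sa-1"}}

def ipv4_header(src, dst, proto, total_len):
    # 20-byte IPv4 header, checksum left at zero (constructed sample only).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def build_ah_tunnel_packet(outer_src, outer_dst, spi, inner_src, inner_dst):
    """Constructed sample: outer IPv4 | AH (zeroed 12-byte ICV) | inner IPv4."""
    inner = ipv4_header(inner_src, inner_dst, 6, 20)
    # AH: next header 4 (IP-in-IP), payload len 4 (24 bytes / 4 - 2), SPI, seq.
    ah = struct.pack("!BBHII", 4, 4, 0, spi, 1) + bytes(12)
    outer = ipv4_header(outer_src, outer_dst, AH, 20 + len(ah) + len(inner))
    return outer + ah + inner

def sa_lookup(packet):
    """Return (sa, outer_dst, inner_dst); sa is None when no SA matches."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    outer_dst = str(ipaddress.IPv4Address(packet[16:20]))
    if proto == AH:
        next_hdr = packet[ihl]
        ah_len = (packet[ihl + 1] + 2) * 4
        spi = struct.unpack_from("!I", packet, ihl + 4)[0]
    elif proto == ESP:
        next_hdr = None  # inside the encrypted trailer, not visible here
        spi = struct.unpack_from("!I", packet, ihl)[0]
    else:
        return None, outer_dst, None
    # The lookup uses only the outer destination, the SPI and the protocol.
    sa = SAD.get((outer_dst, spi, proto))
    inner_dst = None
    if sa and next_hdr == 4:
        # Tunnel mode: the ultimate destination is in the inner IP header.
        inner = packet[ihl + ah_len:]
        inner_dst = str(ipaddress.IPv4Address(inner[16:20]))
    return sa, outer_dst, inner_dst
```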



