[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPI question



Hello Amal,

At 08:36 AM 5/27/98 EDT, Amal Maalouf wrote:
>Hello,
>
>Please can anyone clarify the following..
>
>When two end systems are negotiating an SA using Quick mode,
>the initiator sends an ISAKMP message with the SA payload,
>proposal payload(s) and transform payload(s).  What does
>the initiator fill in the SPI field of the proposal payload?

Srinu>> The initiator will generate an SPI, which will be used as the SPI
value for INBOUND SA at initiator side and OUTBOUND SA at the responder side.

>Is this SPI used at all to identify the SAs created on both
>sides?  

Srinu>> YES. As I said before, this SPI value will used to identify INBOUND
SA at the initiator side and OUTBOUND SA at the responder side.

>I understood from reading the AH/ESP drafts that it is the responder
>that specifies the SPI that the initiator is to use in the
>AH header and/or ESP header sent to the responder.  I figuered
>that this SPI is sent from the responder to the initiator
>when the responder chooses one of the proposals that the initiator
>is suggesting, i.e. when the responder responds in the SA Quick
>mode negotiation.  If this is the case, then what is the SPI field
>set by the initiator in this negotiation used for?

Srinu>> OK, responder in response to the  initiator proposals will select
one of them, and then he(responder) will generate an SPI value for
his(responder) INBOUND SA and send it to the initiator to use it to
identify his(initiator) OUTBOUND SA.

Hope this HELPS ..

>
>Thanks,
>Amal.
>
>

Bridging the gap between hardware and software

with best wishes
 - K. SrinivasRao(email : srinu@trinc.com )


References: