[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SA sharing question

To: <ipsec@tis.com>
Subject: SA sharing question
From: Cliff Wang <cxwang@us.ibm.com>
Date: Thu, 28 May 1998 12:05:33 -0400
Sender: owner-ipsec@ex.tis.com

GW1 and GW2 are gateways negotiating
IPsec SAs for hosts behind them.

Suppose an IPsec SA has been set up between host
a1 and b1. Later a2 and b2 need to have a SA
for traffic protection. Of course a2 and b2 can
negotiate a new SA through GW1 and GW2.
If SA sharing is intended, can the first SA
between a1 and b1 be used for traffic between
a2 and b2 without a new SA? How to negotiate
this SA sharing?

a1 ---|                                            |---  b1
          |--GW1  ----------- GW 2--|
a2 ---|                                            |---  b2

Thanks!

Cliff Wang
IBM, cxwang@us.ibm.com

Follow-Ups:

Re: SA sharing question

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: RE: SPI question
Next by Date: Re: SA sharing question
Prev by thread: Re: ESP Qs
Next by thread: Re: SA sharing question
Index(es):
- Main
- Thread