
Re: use of client IDs



CJ Gibson wrote:
> Scott,
> could you please be a little clearer (or give examples) about your statement:
>
> "The ID payload is optional when the sender and receiver are to be
> considered to be the conversation endpoints. In that case, the IDs are
> implicit."
>
> The question is about a gateway so the key neg has to be for tunnel mode.
>

I mean that in the case of a single tunnel between gateways which is
used to support all traffic between the networks behind the gateways,
the gateways are the conversation endpoints.

See section 5.5 of the IKE doc, where it says

"The identities of the SAs negotiated in Quick Mode are implicitly
assumed to be the IP addresses of the ISAKMP peers, without any implied
constraints on the protocol or port numbers allowed, unless client
identifiers are specified in Quick Mode."
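To make the implicit-versus-explicit rule concrete, here is an added Python example (not from the list or from any IKE implementation) that derives the Quick Mode traffic selectors either from the ISAKMP peer addresses, when IDci/IDcr are absent, or from the identification payload bodies when they are present. It assumes IPv4 only and the RFC 2407 ID types ID_IPV4_ADDR (1) and ID_IPV4_ADDR_SUBNET (4); the sample payloads in the block are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# Identification types from RFC 2407 section 4.6.2.1 (IPv4 subset only)
ID_IPV4_ADDR = 1
ID_IPV4_ADDR_SUBNET = 4


@dataclass(frozen=True)
class Selector:
    network: ipaddress.IPv4Network
    protocol: int  # 0 means "any protocol"
    port: int      # 0 means "any port"


def parse_id_body(body: bytes) -> Selector:
    """Decode an ISAKMP identification payload body (generic header already stripped):
    ID type (1 byte), protocol ID (1 byte), port (2 bytes), then the identification data."""
    if len(body) < 4:
        raise ValueError("ID payload body too short")
    id_type, protocol, port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(data)}/32")
    elif id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    else:
        raise ValueError(f"unsupported ID type {id_type} with {len(data)} data bytes")
    return Selector(net, protocol, port)


def quick_mode_selectors(initiator_peer: str, responder_peer: str,
                         idci: Optional[bytes] = None,
                         idcr: Optional[bytes] = None) -> Tuple[Selector, Selector]:
    """Return (initiator-side, responder-side) selectors for the negotiated SA.
    With no client IDs, the SA identities are the ISAKMP peers themselves with
    no protocol or port constraint, as RFC 2409 section 5.5 describes."""
    if (idci is None) != (idcr is None):
        # IDci and IDcr appear together or not at all; a lone one is malformed
        raise ValueError("IDci and IDcr must be present together")
    if idci is None:
        def implicit(ip: str) -> Selector:
            return Selector(ipaddress.IPv4Network(f"{ip}/32"), 0, 0)
        return implicit(initiator_peer), implicit(responder_peer)
    return parse_id_body(idci), parse_id_body(idcr)


if __name__ == "__main__":
    # Constructed sample: gateway-to-gateway tunnel carrying 10.1.0.0/16 <-> one host on tcp/443
    idci = struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, 0, 0) + bytes([10, 1, 0, 0, 255, 255, 0, 0])
    idcr = struct.pack("!BBH", ID_IPV4_ADDR, 6, 443) + bytes([10, 2, 0, 7])
    print(quick_mode_selectors("192.0.2.1", "198.51.100.1"))              # implicit IDs
    print(quick_mode_selectors("192.0.2.1", "198.51.100.1", idci, idcr))  # explicit IDs
```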