
RE: use of client IDs



Scott,
 
> Policy is a local matter. Gateways with differing policies may or may
> not communicate, depending upon the intersection of their policy sets.
 
Agreed. What I want to make sure of is that two boxes that claim IPSEC
conformance are not fundamentally uninteroperable if a security gateway
is serving multiple disjoint subnets. Either the transmitting gateway
must be able to set up multiple SAs to the same peer, one for each
subnet, or a receiving gateway must be precluded from assuming that the
source IP address of packets received on an SA will always either fall
under the range of the client ID if included, or the ID of the ISAKMP
peer, if not.

Bryan Gleeson
Shasta Networks.
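The two alternatives in the message above, modelled as an added example (this is not code from the thread or from any vendor's implementation): a gateway's security association database holds, per SPI, the ISAKMP peer ID and an optional Phase 2 client ID (an address range). The sending side picks the SA whose client ID covers the packet's source; the receiving side, if it enforces the check the message warns about, drops decapsulated packets whose inner source falls outside that range (or outside the peer's own address when no client ID was sent). The `SA` class, the `strict` flag and the sample addresses and SPIs are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class SA:
    """One inbound/outbound security association (hypothetical model)."""
    spi: int
    peer_id: str                    # ISAKMP peer identity, here the peer gateway's address
    client_id: Optional[IPv4Net]    # Phase 2 client ID as an address range; None if not sent


def src_selector(sa: SA) -> IPv4Net:
    """Address range a receiver would expect inner source addresses to fall in."""
    if sa.client_id is not None:
        return sa.client_id
    # No client ID: the only thing the receiver knows is the peer's own address (/32)
    return ipaddress.ip_network(sa.peer_id)


def choose_sa(sad: Dict[int, SA], peer_id: str, inner_src: str) -> Optional[int]:
    """Sending gateway: pick the SA to the peer whose selector covers the source."""
    src = ipaddress.ip_address(inner_src)
    for spi, sa in sad.items():
        if sa.peer_id == peer_id and src in src_selector(sa):
            return spi
    return None


def receive(sad: Dict[int, SA], spi: int, inner_src: str, strict: bool = True) -> str:
    """Receiving gateway: look up the SA by SPI and optionally police the inner source.

    strict=True  models a receiver that assumes the source falls under the client ID
                 (or the peer ID when no client ID was included).
    strict=False models the alternative the message asks for: the receiver is
                 precluded from making that assumption.
    """
    sa = sad.get(spi)
    if sa is None:
        return "drop: unknown SPI"
    if strict and ipaddress.ip_address(inner_src) not in src_selector(sa):
        return "drop: source not in selector"
    return "accept"


PEER = "192.0.2.1"  # constructed: remote gateway address, used as its ISAKMP ID

# Alternative 1: one SA per protected subnet, all to the same peer (constructed SPIs).
SAD_MULTI: Dict[int, SA] = {
    0x1001: SA(0x1001, PEER, ipaddress.ip_network("10.1.0.0/16")),
    0x1002: SA(0x1002, PEER, ipaddress.ip_network("10.2.0.0/16")),
}

# Alternative 2: a single SA with no client ID; the peer serves several disjoint subnets.
SAD_SINGLE: Dict[int, SA] = {
    0x2001: SA(0x2001, PEER, None),
}


if __name__ == "__main__":
    # Per-subnet SAs: each source is carried on the SA whose range covers it.
    print(hex(choose_sa(SAD_MULTI, PEER, "10.2.7.7")))           # 0x1002
    print(receive(SAD_MULTI, 0x1002, "10.2.7.7"))                # accept
    print(receive(SAD_MULTI, 0x1001, "10.2.7.7"))                # drop: source not in selector
    # Single SA, no client ID: a strict receiver drops every subnet host; only a
    # receiver that does not assume the source matches the peer ID interoperates.
    print(receive(SAD_SINGLE, 0x2001, "10.1.5.5", strict=True))  # drop: source not in selector
    print(receive(SAD_SINGLE, 0x2001, "10.1.5.5", strict=False)) # accept
```

The `strict=False` path is the second alternative in the message: without it, the gateway holding `SAD_SINGLE` cannot carry traffic from `10.1.0.0/16` or `10.2.0.0/16` to a peer that polices inner sources, which is the interoperability gap being raised.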