
an inbound SPD-check question




Say I am processing an inbound packet that has IPSEC protection.  I have
located the right SA and I have decoded the original packet.

I am then required to check the SPD to see that the required security was
applied for the packet I now have.  If the SPD check comes back with the
answer "BYPASS" (i.e. no security required), do I dump the packet, or
forward it?

A bit of a silly case (probably some mis-config somewhere), but it could
happen.  If security has been successfully applied, it seems a bit naff to
bin the packet because the inbound SPD check says the IPSEC protection was
not required.

Cheers, Steve. 

