
IDs clarification



Hi,


We need some help with the following scenario...


          (N1)                                           (N2)
  H1|----------|sg1|---------------|sg2|------------|H2
                       ->| ESP tunnel  |<-
  
In this scenario I want to negotiate an IPSEC SA from <H1 to H2>.
H1 is a host within the trusted network of SG1 (N1).
H2 is a host within the trusted network of SG2 (N2).
Between SG1 and SG2 there is an ESP tunnel.

We have some confusion regarding the ID payload information in phase 1 and
2. The understanding we have is the following:

In phase 1 we send the IP address of SG1 as IDii (assuming H1 is the
initiator and hence SG1) and IP address of SG2 as IDir.  In phase 2, we
send the actual source and destination - IP addresses of H1 and H2 (or
perhaps other ID types corresponding to entities on H1 and H2) as IDci and
IDcr respectively.

Is this understanding correct?


-thanks in advance
-ramana

* Ramana Yarlagadda                      
* Rendezvous On Chip Pvt Ltd.
* NewVasaviNagar, Kharkhana, 
* SECUNDERABAD - 500015.    
* INDIA                    
* Tele Phone  :  (040) 7742606, 7740406
* Email  : ramana@trinc.com           
* http://www.trinc.com                
******************************************************************
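
The ID payload layout the message describes, as an added example that is not part of the original post: it encodes and parses ISAKMP Identification payloads in the IPsec DOI format (RFC 2407, section 4.6.2), with gateway addresses as IDii/IDir and host addresses as IDci/IDcr. The addresses and the function names are constructed for illustration; subnet client IDs are supported as a generalization beyond the single-host case in the message.

```python
import ipaddress
import struct

# IPsec DOI identification types (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR = 1
ID_IPV4_ADDR_SUBNET = 4

def encode_id(value, protocol=0, port=0, next_payload=0):
    """Build an Identification payload for a host ("a.b.c.d") or subnet ("a.b.c.d/n").

    Protocol and port default to 0; RFC 2407 requires 0 or UDP/500 in phase 1.
    """
    if "/" in value:
        net = ipaddress.IPv4Network(value)
        id_type = ID_IPV4_ADDR_SUBNET
        data = net.network_address.packed + net.netmask.packed
    else:
        id_type, data = ID_IPV4_ADDR, ipaddress.IPv4Address(value).packed
    body = struct.pack("!BBH", id_type, protocol, port) + data
    # Generic payload header: next payload, reserved, total length
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def decode_id(raw):
    """Parse one Identification payload, rejecting inconsistent lengths."""
    if len(raw) < 8:
        raise ValueError("truncated ID payload")
    _next, _reserved, length = struct.unpack("!BBH", raw[:4])
    id_type, protocol, port = struct.unpack("!BBH", raw[4:8])
    data = raw[8:]
    if length != len(raw):
        raise ValueError("payload length field does not match data")
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        ident = str(ipaddress.IPv4Address(data))
    elif id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr, mask = ipaddress.IPv4Address(data[:4]), ipaddress.IPv4Address(data[4:])
        ident = str(ipaddress.IPv4Network(f"{addr}/{mask}"))
    else:
        raise ValueError("unsupported ID type or bad data length")
    return {"type": id_type, "protocol": protocol, "port": port, "id": ident}

# Constructed addresses standing in for the roles in the diagram
SG1, SG2 = "192.0.2.1", "198.51.100.1"
H1, H2 = "10.1.0.10", "10.2.0.20"

def negotiate_ids():
    """Phase 1 IDs name the gateways; phase 2 client IDs name the hosts."""
    return {"IDii": encode_id(SG1), "IDir": encode_id(SG2),
            "IDci": encode_id(H1), "IDcr": encode_id(H2)}

if __name__ == "__main__":
    for name, raw in negotiate_ids().items():
        print(name, raw.hex(), decode_id(raw))
```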