
Re: multiple payloads via "ID_LIST"



Pardon me for coming into this discussion a bit late...

>  If they needed it yesterday tell them to establish 2 SAs, one solely
>for X and the other solely for Y. It would be *nice* to be able to have a 
>single one but I think this clearly falls in the "if it ain't broke..." 
>category. It can be easily solved today (and yesterday too) using existing 
>mechanisms.

What if, instead of there being only two subnets behind a security
gateway, there were a hundred or more?  All disjoint, non-combinable,
etc.  It becomes a serious resource utilization issue, not to mention
that negotiating all those Quick Modes takes time (especially when
you're doing PFS), and it seems a waste when you're applying the same
security policy to all of them.

And yes, I've had customers (plural) that have cited this as an issue.

-Shawn Mamros
E-mail to: smamros@BayNetworks.com




