Re: multiple payloads via "ID_LIST"
Pardon me for coming into this discussion a bit late...
> If they needed it yesterday tell them to establish 2 SAs, one solely
> for X and the other solely for Y. It would be *nice* to be able to have a
> single one but I think this clearly falls in the "if it ain't broke..."
> category. It can be easily solved today (and yesterday too) using existing
> mechanisms.
What if, instead of there being only two subnets behind a security
gateway, there were a hundred or more? All disjoint, non-combinable,
etc. It becomes a serious resource utilization issue, not to mention
that negotiating all those Quick Modes takes time (especially when
you're doing PFS), and it seems a waste when you're applying the same
security policy to all of them.
And yes, I've had customers (plural) that have cited this as an issue.
-Shawn Mamros
E-mail to: smamros@BayNetworks.com