
Re: comments on VPN framework document







>A mode of operation that allowed these fields
>to be unspecified would solve the problem. The
>security policy to be applied on the SA (by
>the receiver of the SA) could be determined
>by the identity of the Phase 1 negotiator,
>possibly in conjunction with extra information
>(such as a VPN-ID) conveyed before the Phase
>2 exchange. Essentially this is a policy issue.
>The policy to be applied on a Phase 2 SA, should
>not have to be signalled in the establishment of
>the SA. We should allow the identification of
>the policy to be applied to be based on information
>other than the source and destination IP addresses
>of the packets that will be sent over the SA. This
>becomes particularly important if you are running a
>network where there are multiple domains (e.g. VPNs)
>all using the same address space (e.g. 10.0.0.0/8).

Ashley Laurent, Inc. has developed extensions to IPSEC which solve this
problem. We call it INS (Intranet Name Space). INS solves other problems
as well, but this is one important one. We will be distributing an IETF
draft which will be backed by several vendors in the next week or so
(prior to the IPSEC bakeoff).

The current version of our VPCom software implements the draft.
( www.VPCom.com )

Jeffrey Goodwin, Ashley Laurent, Inc.
707 West Avenue, Suite 201  Austin, TX 78701
512-322-0676; FAX: 512-322-0680

www.osgroup.com

>
>Bryan
>
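
Added example, not part of the original message and not the INS extensions or any draft's mechanism: a small model of the policy-selection problem raised in the quoted text, where two VPNs share 10.0.0.0/8 and address-only selection is ambiguous, while selection from the Phase 1 identity plus a VPN-ID is not. All names, identities and the authorization table are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    vpn_id: str
    network: ipaddress.IPv4Network


# Constructed sample data: two VPNs that both use 10.0.0.0/8.
POLICIES = [
    Policy("encrypt-for-a", "vpn-a", ipaddress.ip_network("10.0.0.0/8")),
    Policy("encrypt-for-b", "vpn-b", ipaddress.ip_network("10.0.0.0/8")),
]

# Constructed mapping (an assumption of this example): which VPN-IDs each
# authenticated Phase 1 identity is allowed to name.
AUTHORIZED = {
    "gw.customer-a.example": {"vpn-a"},
    "gw.customer-b.example": {"vpn-b"},
}


def select_by_addresses(src, dst):
    """Address-only selection: every policy whose network covers both ends."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [p for p in POLICIES if s in p.network and d in p.network]


def select_by_identity(phase1_id, vpn_id):
    """Selection from the Phase 1 identity plus a VPN-ID, with no addresses."""
    # The VPN-ID is only a hint from the peer; accept it only if the
    # authenticated Phase 1 identity is allowed to use that VPN.
    if vpn_id not in AUTHORIZED.get(phase1_id, set()):
        raise PermissionError(f"{phase1_id} is not authorized for {vpn_id}")
    matches = [p for p in POLICIES if p.vpn_id == vpn_id]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} policies defined for {vpn_id}")
    return matches[0]


if __name__ == "__main__":
    # Both policies match the same address pair, so addresses cannot decide.
    print([p.name for p in select_by_addresses("10.1.2.3", "10.9.9.9")])
    print(select_by_identity("gw.customer-a.example", "vpn-a").name)
```
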