
PropSelection



Hi All,
       I wanted some clarification on the following scenario of an IPSec+IKE
implementation.

       If we have SG1, SG2 and an IPSec-capable host H2 in the following
scenario,


         |-----ESP Tunnel------|
         |                     |
        SG1 ----------------- SG2 ----------- H2
         |                                    |
         |-------------AH Tunnel--------------|


and the security policies are as follows.

At SG1 OutBound Policy is 

 Proposal #1:  
          For SG2 :  ESP with 3DES
          For H2  :  AH with SHA1

 Proposal #2:
          For SG2 : ESP with DES
          For H2  : AH with MD5



At SG2 we have the Inbound Policy as
  
  Proposal # 1 :
            ESP with DES

H2 has the inbound policy as
  
  Proposal # 1:
            AH with SHA1

     
During IKE negotiation, SG1 sends out the SAPayload (with the two proposals it
has) to SG2 and H2. SG2 will select Proposal #2 of SG1 and H2 will select
Proposal #1 of SG1. The question is how we can form an SABundle from the
selected proposals at SG1? Should we have to reject the responses as both
SG2 and H2 have selected two different proposals?

Any suggestions will be appreciated.


-Thanks a lot
 Rohit

*************************************************************************
    -: Bridging The Gap Between Software And Hardware :-

Rohit Aradhya                              Ph : (040)7742606  
Rendzevous Onchip Pvt Ltd.                 Em : rohit@trinc.com
First Floor, Plot No 14				
New Vasavi Nagar, Karkhana
Secunderbad -500019.
India
**************************************************************************