[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PropSelection
Hi All,
I wanted some clearification in the following scanerio of IPSec+IKE
implementation.
If we have SG1, SG2 and IPSec capable host H2 in the following
scanerio,
|--------ESPtunnel---- |
| |
SG1 ----------------- SG2 ----------- H2
| |
|------------------AH Tunnel-----------|
and the security policies are as follows.
At SG1 OutBound Policy is
Proposal #1:
For SG2 : ESP with 3DES
For H2 : AH with SHA1
Proposal #2:
For SG2 : ESP with DES
For H2 : AH with MD5
At SG2 we have the Inbound Policy as
Proposal # 1 :
ESP with DES
H2 has the inbound policy as
Proposal # 1:
AH with SHA1
During IKE negotiation, SG1 sends out the SAPayload(with two proposals it
has) to SG2 and H2. SG2 will select Proposal #2 of SG1 and H2 will select
Proposal # 1 of SG1. The Question is how we can form a SABundle from the
selected Proposals at SG1? Should we have to reject the responses as both
SG2 and H2 have selected two different proposals ?
Any suggestions will be appreciated.
-Thanks a lot
Rohit
*************************************************************************
-: Bridging The Gap Between Software And Hardware :-
Rohit Aradhya Ph : (040)7742606
Rendzevous Onchip Pvt Ltd. Em : rohit@trinc.com
First Floor, Plot No 14
New Vasavi Nagar, Karkhana
Secunderbad -500019.
India
**************************************************************************