[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Selection of proposals

To: rohit <rohit@trinc.com>
Subject: Re: Selection of proposals
From: Stephen Kent <kent@bbn.com>
Date: Wed, 4 Nov 1998 22:46:06 -0500
Cc: ipsec@tis.com
In-Reply-To: <3.0.1.32.19981103173528.0074e680@172.16.1.10>
Sender: owner-ipsec@ex.tis.com

I'm a bit confused by your example.

You say that "During IKE negotiation,  SG1 sends out the SAPayload(with the two
transforms it has) to SG2 and H2." There are two separate IKE SAs here, SG1
to SG2 and SG1 to H2, so neither to these responders sees the other's
negotation. It is up to SG2 to negotiate appropriate SAs for both of these
endpoints. Also, we do not require support for the specific example you
cited, because you have two nested tunnels with a common endpoint. This is
not a required combination according to the arch doc, a simplification made
at the request of other implementors last year.

Steve

Follow-Ups:

Re: Selection of proposals

From: Ramana Yarlagadda <ramana@trinc.com>

Re: Selection of proposals

From: rohit <rohit@trinc.com>

References:

Selection of proposals

From: rohit <rohit@trinc.com>

Prev by Date: Re: IBM VPN Bakeoff Issues
Next by Date: Re: IBM VPN Bakeoff Issues
Next by thread: marketing misuse of IPSECond efforts
Index(es):
- Main
- Thread