[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using por numbers in selectors



  For gateways, yes. If you've negotiated port/protocol granulatity for 
an IPSec SA and a packet gets fragmented prior to being IPSec protected 
then the other end will have to queue up enough of the decapsulated 
fragments to get the port/protocol and decide whether to forward it on to 
the ultimate end-system. 

  Dan.

On Wed, 23 Jun 1999 11:32:41 EDT you wrote
> Isn't there an issue with port number policy lookups and fragmented packets?
>  
> Victor
> 



Follow-Ups: References: