[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC SA bundle in SAD /RFC2401

To: <ipsec@lists.tislabs.com>, "Qu Duan" <qduan@ecutel.com>
Subject: Re: IPSEC SA bundle in SAD /RFC2401
From: "Li Ruicong" <ruicong@krdl.org.sg>
Date: Wed, 7 Jul 1999 10:44:25 +0800
References: <3.0.5.32.19990706202707.00960760@192.168.50.149>
Sender: owner-ipsec@lists.tislabs.com


> Dear Everyone,
>
>
> Can anyone of you tell me that, by standard  for an adjacent SA bundle
like
>
>            [IP] [AH] [ESP] [Upper]
>
> I should use two separated SA or use one SA but specify the two ALGs
> (and two keys)in one SA?

I think you should use two separated SA, one for AH and another for ESP. For
example, if your SA bundle like
        [IP] [AH] [ESP] [ESP] [Upper]
you should use three SAs.


Regards,

Li


>
> If I have to use one SA for AH, one SA for ESP, do AH later, do I have
> to tell SPD that now the outbound packet's selector value in transport
> is ESP?


> Thanks.
>
> Qu
>

References:

IPSEC SA bundle in SAD /RFC2401

From: Qu Duan <qduan@ecutel.com>

Prev by Date: IPSEC SA bundle in SAD /RFC2401
Next by Date: Re: draft-ietf-ipsec-ike-ext-meth-01.txt
Prev by thread: IPSEC SA bundle in SAD /RFC2401
Next by thread: Re: IPSEC SA bundle in SAD /RFC2401
Index(es):
- Main
- Thread