
Re: parallel vpns



Sankar,

>I have a setup where a pair of gateways SG1, SG2 are protecting
>hosts S1,S2 and D1,D2 respectively. I want to define 2 vpns
>VPN1, VPN1 where
>
>S1,D1 belong to VPN1
>
>S2,D2 belong to VPN2
>
>Does IPsec architecture allow for such policy definitions?
>i.e., multiple VPNs managed by a pair of gateways.

IPsec does not define the term "VPN." If what you mean is, can you cause
there to be two distinct sets of SAs established for traffic between S1 and
D1 vs. S2 and D2, the answer is yes. One can define different SPD entries
that will create separate SAs for these pairs of hosts, and the SAs can use
different protocols or protocol combinations, different algorithm suites,
and, of course, different keys.

Steve
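
The following is an added illustration, not part of the original message: a small Python model of SG1's outbound processing in which two SPD entries, one per host pair, each give rise to their own SA. The addresses, suite labels and class names are assumptions made for the example, and SA creation here stands in for key negotiation.

```python
import ipaddress
import secrets
from dataclasses import dataclass

# Constructed addresses (documentation ranges) standing in for the thread's hosts.
S1, S2 = "192.0.2.1", "192.0.2.2"          # behind SG1
D1, D2 = "198.51.100.1", "198.51.100.2"    # behind SG2

@dataclass(frozen=True)
class SPDEntry:
    name: str
    src: str         # source selector (CIDR)
    dst: str         # destination selector (CIDR)
    action: str      # "PROTECT", "BYPASS" or "DISCARD"
    suite: str = ""  # protocol/algorithm label, illustrative only

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst))

@dataclass
class SA:
    spi: int
    suite: str
    key: bytes

class Gateway:
    """Outbound side of SG1: an ordered SPD plus the SAs created from it."""
    def __init__(self, spd):
        self.spd = spd
        self.sad = {}  # SPD entry name -> SA

    def outbound(self, src, dst):
        for entry in self.spd:  # first matching entry wins
            if entry.matches(src, dst):
                if entry.action != "PROTECT":
                    return entry.action, None
                sa = self.sad.get(entry.name)
                if sa is None:  # stand-in for negotiating a new SA with SG2
                    sa = SA(0x1000 + len(self.sad), entry.suite, secrets.token_bytes(32))
                    self.sad[entry.name] = sa
                return "PROTECT", sa
        return "DISCARD", None  # traffic matching no entry is dropped

SPD = [
    SPDEntry("S1-D1", f"{S1}/32", f"{D1}/32", "PROTECT", "ESP AES-GCM-256"),
    SPDEntry("S2-D2", f"{S2}/32", f"{D2}/32", "PROTECT", "AH+ESP AES-CBC-128/HMAC-SHA-256"),
]
```

Because the selectors are host-to-host, traffic from S1 to D2 matches neither entry and is discarded, so the two sets of SAs never carry each other's traffic.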

