
RE: parallel vpns





>From: Stephen Kent [kent@po1.bbn.com]
>Sent: Wednesday, July 07, 1999 6:58 PM
>To: Sankar Ramamoorthi
>Cc: 'ipsec@lists.tislabs.com'
>Subject: Re: parallel vpns
>
>Sankar,
>
>>I have a setup where a pair of gateways SG1, SG2 are protecting
>>hosts S1,S2 and D1,D2 respectively. I want to define 2 vpns
>>VPN1, VPN2 where
>>
>>S1,D1 belong to VPN1
>>
>>S2,D2 belong to VPN2
>>
>>Does the IPsec architecture allow for such policy definitions?
>>i.e., multiple VPNs managed by a pair of gateways.
>
>IPsec does not define the term "VPN."  If what you mean is, can you cause

Agreed. I meant to use the term 'policy description'.

>there to be two distinct sets of SAs established for traffic between S1 and
>D1 vs. S2 and D2, the answer is yes.  One can define different SPD entries
>that will create separate SAs for these pairs of hosts, and the SAs can use
>different protocols or protocol combinations, different algorithm suites,
>and, of course, different keys.

By SAs here, do you mean the IKE SA or the IPSec SAs?
I do not have a problem creating separate IPSec SAs for these
pairs of hosts. However, to create the IPSec SA, I need to use
a key exchange protocol like IKE, and I was concerned
about the creation of the IKE SA.

-- sankar --

