Re: matching GW addr to ID payload (fwd)
On Fri, 3 Dec 1999, Slava Kavsan wrote:
> "CHINNA N.R. PELLACURU" wrote:
>
> > Is this acceptable, or should we enforce that ID and the IP address used
> > should be equal?
>
> I would say yes in the case when ID Payload contains IP Address type.
> But we should also allow to have ID Payload to contain FQDN type (and other
> non-IP IDs) and use it to select the Policy entry.
>
>
>
If you do not check that the ID used to search the pre-shared key is the
same as the ID payload content, then you should not use the ID payload
content to select policy. I.e., in MM using pre-shared keys, only the source
IP address on the negotiation can be used to select policy.
If I know the pre-shared key associated with IP1, then the gateway should
select the policy associated with IP1, and should not select the policy
based on what I sent in the ID payload (if this is different from IP1).
-chinna
chinna narasimha reddy pellacuru
s/w engineer
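
The rule argued in the message above, sketched as an added example (not part of the original post and not code from any IKE implementation): in Main Mode with pre-shared keys the key is found by the peer's source IP, so policy is bound to that same IP, and an ID payload that differs is either rejected or ignored. The tables, addresses, names and the `enforce_match` switch are constructed assumptions; the ID type numbers are those of the IPsec DOI (RFC 2407).

```python
import ipaddress

# ID payload types from the IPsec DOI (RFC 2407)
ID_IPV4_ADDR = 1
ID_FQDN = 2

# Constructed sample configuration (hypothetical gateway tables)
PSK_BY_SOURCE_IP = {
    "192.0.2.10": b"psk-for-peer-A",
    "192.0.2.20": b"psk-for-peer-B",
}
POLICY_BY_ID = {
    "192.0.2.10": "policy-A",
    "192.0.2.20": "policy-B",
    "gw-b.example.net": "policy-B-fqdn",
}


def select_policy(source_ip, id_type, id_data, enforce_match=False):
    """Return (psk, policy) for a Main Mode pre-shared-key negotiation.

    The pre-shared key can only be looked up by source IP, so the policy
    is always the one bound to that IP. The ID payload never selects it.
    """
    key_id = str(ipaddress.ip_address(source_ip))
    psk = PSK_BY_SOURCE_IP.get(key_id)
    if psk is None:
        raise LookupError("no pre-shared key configured for " + key_id)

    # An IP-type ID can be compared with the identity that selected the key.
    if id_type == ID_IPV4_ADDR:
        claimed = str(ipaddress.ip_address(id_data))
        if claimed != key_id and enforce_match:
            raise ValueError("ID payload %s does not match peer %s"
                             % (claimed, key_id))

    # A mismatching or non-IP ID (e.g. FQDN) is not proven by this key,
    # so it is ignored for policy selection.
    return psk, POLICY_BY_ID[key_id]


if __name__ == "__main__":
    # Peer A knows only its own key but claims peer B's identities.
    print(select_policy("192.0.2.10", ID_IPV4_ADDR, "192.0.2.20"))
    print(select_policy("192.0.2.10", ID_FQDN, "gw-b.example.net"))
```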