[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ID payload on phase 2.

To: dharkins@network-alchemy.com
Subject: Re: ID payload on phase 2.
From: Shoichi Sakane <sakane@ydc.co.jp>
Date: Fri, 10 Dec 1999 16:00:23 +0900 (JST)
Cc: ipsec@lists.tislabs.com
In-Reply-To: Your message of "Wed, 8 Dec 1999 07:16:31 -0800"<H00013960da214d7@MHS>
References: <H00013960da214d7@MHS>
Sender: owner-ipsec@lists.tislabs.com

>   The ID payload describes the selector for which IP packets will be
> applied some IPSec transforms. If your selector is for all TCP packets 
	: (snip)
> gateway which protects 10.10.10/24 that gateway would initiate a phase
> 2 exchange with IDs for 10.10.10/24/tcp/0 and 10.20.20.2/tcp/0.

I have understood.

What do you think about my second question ?

> > Is the end of the IKE-SA's IP address always same to the IPsec-SA's ?
> > If node has some IP address, then is there a potential that multiple SA 
> > based IP address is created, but same nodes are communicating ?

Where do I get IP address of the end of the IPsec-SA from ?

I am thinking that it's useful for a Mobile-IP and a node which has
multiple IP addresses that IKE can exchange the IP address of the SA.
It's just idea.

Regards,

/Shoichi `NE' Sakane @ KAME project/

References:

Re: ID payload on phase 2.

From: francisco_corella@hp.com

Prev by Date: Re: cookie verification
Next by Date: Re: cookie verification
Prev by thread: Re: ID payload on phase 2.
Next by thread: RE: ID payload on phase 2.
Index(es):
- Main
- Thread