[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Inbound packet processing- mobile host problem



Hi all
I have the following doubts regarding the IPSEC

(1)	According to the RFC, for the inbound packets, the SA (tunnel mode) is retrieved based on the 

            --The Destination IP address of the Outer IP header
            --SPI
            --IPsec protocol

    (a)Does this mean that the security gateway can allot the same SPI value for the different IP addresses (supposing It has
    more than one IP addresses)?

(2) In the case of a mobile host contacting the home security gateway after dialing to a local PPP
server  on the Internet and then crossing the Internet to the home organization's firewall , then is there any automated way
for the discovery/verification of the security gateway/mobile host??


Venkatesh







Follow-Ups: