[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phase 2 and ports

To: "Hilarie Orman" <HORMAN@novell.com>
Subject: Re: phase 2 and ports
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date: Tue, 27 Jun 2000 22:08:37 -0400
cc: sommerfeld@East.Sun.COM, vilhuber@cisco.com, ipsec@lists.tislabs.com, ipsec-policy@vpnc.org
In-Reply-To: Message from "Hilarie Orman" <HORMAN@novell.com> of "Tue, 27 Jun 2000 19:14:51 MDT." <s958fd35.016@prv-mail20.provo.novell.com>
Reply-to: sommerfeld@orchard.arlington.ma.us
Sender: owner-ipsec@lists.tislabs.com

> It should be OK to use an IPSEC SA for a port other than the one
> originally negotiated.  It's the sender's option, eh?  

Huh?

rfc2401 says otherwise -- ports can be specified in inbound as well as
outbound policy.

Folks involved with NRL ipsec implementation have told me that inbound
enforcement of unique sa's per connection was always on their TODO
list..

					- Bill

Prev by Date: Re: phase 2 and ports
Next by Date: Informational exchanges
Prev by thread: Re: phase 2 and ports
Next by thread: RE: phase 2 and ports
Index(es):
- Main
- Thread