[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKE Delete payloads (clarification)

To: ipsec@lists.tislabs.com
Subject: IKE Delete payloads (clarification)
From: antonio.barrera@nokia.com
Date: Wed, 6 Sep 2000 17:09:56 +0300
Sender: owner-ipsec@lists.tislabs.com

When I said "Or IKE assumes that the destination address is the LOCAL
address?"
I say it from the sender point of view, from the receiver it would be the
REMOTE address, of course.

Toni

-----Original Message-----
From: Barrera Antonio (NRC/Helsinki) 
Sent: 06. September 2000 17:06
To: ipsec@lists.tislabs.com
Subject: IKE Delete payloads


	If IKE wants to send a Delete payload for an IPSEC SA it can only
specify the SPI and protocol but not the destination address.
- These are the 3 things that identify a IPSEC SA so how can IKE know which
one should be erased? 
- Or IKE assumes that the destination address is the LOCAL address? 
(Then the remote end will never try to send using an SA that is no longer in
the local machine. There shouldn't be a problem for the other direction it
just it would be hanging there until it expires (no more used because no
longer in the local side and is only for incoming traffic))

Toni

Prev by Date: IKE Delete payloads
Next by Date: Re: Connecting IPSec tunnels
Prev by thread: Re: IKE Delete payloads
Next by thread: RE: I-D ACTION:draft-lordello-ipsec-vpn-doi-00.txt
Index(es):
- Main
- Thread