RE: Out of Sync Security Policies - Design Flaw
> From: EXT Kim Edwards [mailto:kimed@nortelnetworks.com]
>> I believe that a third Id payload would be required:
>
> - Id payload for Initiator's security policy selectors
> - Id payload for Responder's security policy selectors
> - Id payload for Initiator's packet selectors
Another solution is to totally disable policy checking in IKE.
The kernel has to do it anyway for each packet, as described in RFC-2401.