Help - IPSec Newbie
Hi,
I have a small doubt. Please help me.
As I understand from RFC 2401, the SPD contains entries related to the policies to be applied to packets going out of, or coming in to, a particular host/gateway. Each entry of the SPD also contains a list of SAs that any packet to which that policy applies will have to pass through.
For example, a Sample SPD might contain:
<Policy 1> Policy, List of SAs
<Policy 2> Policy, List of SAs
The "List of SAs" could also be a "single" SA, depending upon the policy. The <Policy> to be selected is based on the "selectors" and the packet parameters.
Now, my question is:
1. As I understand, the SPD is a static database set up initially, and all the SAs are created dynamically. This being the case, how will the "List of SAs" or a "single SA" be specified in the policy entries of the SPD?
2. Just as the incoming packets help in identifying the SA through which they should be passed, using the tuple (SPI, Protocol and Dst Addr), do the SPD entries too have any such identifier for the SAs?
Please help. I am designing an entirely new implementation of IPsec, not based on any existing ones. I am doing this as a part of my Masters project, and interoperability and performance are my main concerns. Soon I'll be posting my design for your valuable comments and feedback.
Thanking you,
Arvind.
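The SPD/SAD relationship the post is asking about, written out as a small Python model. This is an added illustration and not code from the original message or from any real IPsec stack. It follows the RFC 2401 model in which an SPD entry records what its SAs must look like (protocols, peer, selectors) and holds pointers that stay empty until key management creates the SAs, while the SAD is keyed by (SPI, protocol, destination address) for inbound lookup and each SA points back at the policy it serves. Assumed simplifications: selectors match only on addresses and IP protocol; a single SPD of outbound entries is mirrored for inbound checks; IKE is replaced by a stub that hands out sequential SPIs; the addresses and policies in `build_demo_host` are constructed sample data.

```python
"""Toy model of the RFC 2401 SPD / SAD relationship (added illustration, not the
original poster's code). Assumed simplifications: selectors match on addresses and
IP protocol only; one SPD of outbound entries, mirrored for inbound checks; IKE is
replaced by a stub that hands out sequential SPIs."""
import ipaddress
from dataclasses import dataclass, field
from itertools import count
from typing import Optional

DISCARD, BYPASS, PROTECT = "discard", "bypass", "protect"   # RFC 2401 4.4.1 actions


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                      # IP protocol number: 1 = ICMP, 6 = TCP, 17 = UDP


@dataclass(frozen=True)
class Selector:
    src_net: str                    # CIDR; "0.0.0.0/0" matches any address
    dst_net: str
    proto: Optional[int] = None     # None matches any IP protocol

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and (self.proto is None or self.proto == pkt.proto))

    def mirrored(self):
        # Inbound traffic for the same policy has source and destination swapped.
        return Selector(self.dst_net, self.src_net, self.proto)


@dataclass
class SPDEntry:
    """What to do, plus what is required of the SAs; never a fixed SA identifier."""
    selector: Selector
    action: str
    protos: tuple = ("ESP",)        # ("AH", "ESP") means an SA bundle is required
    peer: Optional[str] = None      # remote IPsec endpoint
    bundles: list = field(default_factory=list)   # pointers filled in once SAs exist


@dataclass
class SA:
    spi: int
    proto: str                      # "AH" or "ESP"
    dst: str                        # destination address in the outer IP header
    policy: SPDEntry                # back-pointer to the SPD entry this SA serves

    def key(self):
        return (self.spi, self.proto, self.dst)   # inbound SAD lookup key


class IPsecHost:
    def __init__(self, local, spd):
        self.local = local          # this host's own address
        self.spd = spd              # ordered; first matching entry wins
        self.sad = {}               # (spi, proto, dst) -> SA
        self._spi = count(0x1000)   # stub; real SPIs are chosen by the receiving side

    def _negotiate(self, entry):
        """Stand-in for IKE: one simplex SA pair per required protocol, linked both ways."""
        outbound = []
        for proto in entry.protos:
            out_sa = SA(next(self._spi), proto, entry.peer, entry)   # we send on this
            in_sa = SA(next(self._spi), proto, self.local, entry)    # peer sends on this
            self.sad[out_sa.key()] = out_sa
            self.sad[in_sa.key()] = in_sa
            outbound.append(out_sa)
        entry.bundles.append(outbound)
        return outbound

    def outbound(self, pkt):
        """Return (action, SA bundle) for a packet about to leave this host."""
        for entry in self.spd:
            if entry.selector.matches(pkt):
                if entry.action != PROTECT:
                    return entry.action, []
                bundle = entry.bundles[0] if entry.bundles else self._negotiate(entry)
                return PROTECT, bundle
        return DISCARD, []          # no matching entry: drop (RFC 2401 4.4.1)

    def inbound(self, outer_dst, ipsec_proto, spi, inner):
        """Find the SA by (SPI, protocol, dst), then enforce its policy on the payload."""
        sa = self.sad.get((spi, ipsec_proto, outer_dst))
        if sa is None:
            return DISCARD          # unknown SA: drop (and audit)
        if not sa.policy.selector.mirrored().matches(inner):
            return DISCARD          # decapsulated packet falls outside the SA's policy
        return "accept"


def build_demo_host():
    """Constructed sample: one protected subnet pair, ICMP allowed in the clear."""
    spd = [SPDEntry(Selector("10.1.0.0/16", "10.2.0.0/16"), PROTECT,
                    protos=("AH", "ESP"), peer="198.51.100.1"),
           SPDEntry(Selector("0.0.0.0/0", "0.0.0.0/0", proto=1), BYPASS)]
    return IPsecHost("203.0.113.1", spd)
```

In this model the SPD entry never names an SA up front: it lists what the SAs must be, and `bundles` is populated only when the first matching outbound packet triggers negotiation; later packets reuse the same bundle. The (SPI, protocol, destination) key lives on the SA and is used only for inbound lookup; the SPD entry reaches its SAs through the stored pointers, and the SA reaches its policy through the back-pointer, so no separate SA identifier is needed in the policy entry. The inbound path also shows the check that a real implementation must not skip: after locating the SA, the decapsulated packet is matched against the policy's selectors, and a packet carried under the wrong SA is discarded even though it decrypted correctly.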