Collision in IPSec SA negotiation

["Awan Kumar Sharma" <awank@future.futsoft.com>]

Hi,
  I am having a doubt and would be thankful if anybody could help me out of
this.
Let us take the examples where IPsec operates as a security gateway. In this
case, security gateway P has got one Security Policy for traffic from host A
in network X to host B in network Y with security gateway as Q. Initially
they won't have any SA to use. Now when traffic originates from A for B, P
decides to establish an IPSec SA between host A in network X and host B in
network Y. If at the same time, traffic originates from B for A, Security
gateway for Y i.e. Q. Q will see that there is no SA for this traffic, so it
will also start SA negotiation. So, now we have two SA negotiations going on
for the same traffic between two security gateways.

	Is this a normal behavior. If yes, which SA will be used for protecting the
traffic.
		If no, how to prevent this type of SA negotiation collision.


Thanks and Regards,
Awan Kumar Sharma.

BEGIN:VCARD
VERSION:2.1
N:Sharma;Awan
FN:Awan Kumar Sharma (E-mail)
ORG:Future Software Ltd.;NEC-DF
TITLE:Software Engg.
TEL;WORK;VOICE:+91 (4330550) - 437
TEL;HOME;VOICE:+91 (044) 8205625
ADR;WORK:;;480-481, Mount Road,;Chennai;Tamil Nadu;;India
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:480-481, Mount Road,=0D=0AChennai, Tamil Nadu=0D=0AIndia
EMAIL;PREF;INTERNET:awank@future.futsoft.com
REV:20001110T092335Z
END:VCARD

---

Follow-Ups:

• Collision in IPSec SA negotiation
• From: Tero Kivinen <kivinen@ssh.fi>

---

• Prev by Date: Re: [Re:] Re: Placement of IPSec...
• Next by Date: Collision in IPSec SA negotiation
• Prev by thread: Re: [Re:] Re: Placement of IPSec...
• Next by thread: Collision in IPSec SA negotiation
• Index(es):
  • Main
  • Thread