[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Collision in IPSec SA negotiation

  I am having a doubt and would be thankful if anybody could help me out of
Let us take the examples where IPsec operates as a security gateway. In this
case, security gateway P has got one Security Policy for traffic from host A
in network X to host B in network Y with security gateway as Q. Initially
they won't have any SA to use. Now when traffic originates from A for B, P
decides to establish an IPSec SA between host A in network X and host B in
network Y. If at the same time, traffic originates from B for A, Security
gateway for Y i.e. Q. Q will see that there is no SA for this traffic, so it
will also start SA negotiation. So, now we have two SA negotiations going on
for the same traffic between two security gateways.

	Is this a normal behavior. If yes, which SA will be used for protecting the
		If no, how to prevent this type of SA negotiation collision.

Thanks and Regards,
Awan Kumar Sharma.

FN:Awan Kumar Sharma (E-mail)
ORG:Future Software Ltd.;NEC-DF
TITLE:Software Engg.
TEL;WORK;VOICE:+91 (4330550) - 437
TEL;HOME;VOICE:+91 (044) 8205625
ADR;WORK:;;480-481, Mount Road,;Chennai;Tamil Nadu;;India
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:480-481, Mount Road,=0D=0AChennai, Tamil Nadu=0D=0AIndia