[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Collision in IPSec SA negotiation

To: "IpsecMailingList (E-mail)" <ipsec@lists.tislabs.com>
Subject: Re: Collision in IPSec SA negotiation
From: "Amey Gokhale" <agokhale@postmaster.co.uk>
Date: Fri, 29 Dec 2000 05:06:20 +0000
Sender: owner-ipsec@lists.tislabs.com

hello all,
      I agree with what Mr.Tero says, yes it is a normal 
behaviour. Since SA are unidirectional, for each traffic
(inbound and outbound) there will be different SAs.

      A---P--------Q---B
         (SG)     (SG)   
In this scenario A will request for a new tunnel to P 
for traffic from A to B as well as when B wants to send 
data to A it will also request for a new tunnel to Q.
There will be 2 SAs for A, one for incoming traffic and one 
for outgoing traffic. Similarly two SAs for B when he wants 
to send the data to A. For one tunnel(A to B) SA of A for 
incoming traffic will be same as SA of B for outgoing 
traffic for that tunnel and SA of A for ougoing traffic 
will be same as SA of B for incoming traffic. Similar case 
will be there for other tunnel(B to A).

I may be wrong so plz. correct me if i am.
Amey

Prev by Date: Re: Fw: IPSec vs. SSL
Prev by thread: Collision in IPSec SA negotiation
Index(es):
- Main
- Thread