[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Collision in IPSec SA negotiation

hello all,
      I agree with what Mr.Tero says, yes it is a normal 
behaviour. Since SA are unidirectional, for each traffic
(inbound and outbound) there will be different SAs.

         (SG)     (SG)   
In this scenario A will request for a new tunnel to P 
for traffic from A to B as well as when B wants to send 
data to A it will also request for a new tunnel to Q.
There will be 2 SAs for A, one for incoming traffic and one 
for outgoing traffic. Similarly two SAs for B when he wants 
to send the data to A. For one tunnel(A to B) SA of A for 
incoming traffic will be same as SA of B for outgoing 
traffic for that tunnel and SA of A for ougoing traffic 
will be same as SA of B for incoming traffic. Similar case 
will be there for other tunnel(B to A).

I may be wrong so plz. correct me if i am.