two questions.
Hi all!

I'm a student trying to implement IPsec using ESP (bump-in-stack) with manual SA & key management. I had the following doubts...

--> How do 2 hosts wanting to use IPsec decide on the SPI (manual SA)? Both the users choose a common SPI, selector, keys & fill them into the IPsec database?

Basically, the confusion arose when considering the inbound packet processing. The sender fills in the ESP header, which contains the SPI, so the receiver checks the SPI (& of course the dest addr & protocol) & decides which SA to use. So does that mean both the SPI numbers (at the sending & receiving host) have to be the same?

--> Why is it necessary to perform fragmentation/reassembly? Or rather, why is IPsec applied to whole datagrams only?

Any help will be greatly appreciated. I'm sorry if I'm repeating questions, but I couldn't really find a satisfactory answer to the above...

Thanking in anticipation...
-Anu.
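
Added example, not part of the original post: a sketch of the inbound lookup the message describes, where the receiver selects an SA from the SPI in the ESP header together with the destination address and protocol, and holds back fragments until they are reassembled. The names sad_lookup_inbound, make_pkt and NEED_REASSEMBLY, and all addresses and SPI values, are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PROTO_ESP 50
#define NEED_REASSEMBLY (-2)

/* Inbound SA key as in the post: SPI, destination address, protocol. */
struct sa { uint32_t spi, dst; uint8_t proto; const char *peer; };

/* Constructed manual SAD on receiver 192.0.2.2 (hypothetical values).
 * Each sender's outbound SA must use the SPI configured here. */
static const struct sa sad[] = {
    { 0x1001, 0xC0000202, PROTO_ESP, "host A" },
    { 0x1002, 0xC0000202, PROTO_ESP, "host C" },
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the SAD index, -1 to drop, or NEED_REASSEMBLY for a fragment. */
int sad_lookup_inbound(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl) return -1;
    /* MF flag or non-zero offset means a fragment: the ESP header and ICV
     * belong to the whole datagram, so reassemble before the lookup. */
    if ((pkt[6] & 0x3F) || pkt[7]) return NEED_REASSEMBLY;
    if (pkt[9] != PROTO_ESP || len < ihl + 8) return -1; /* SPI + sequence number */
    uint32_t dst = be32(pkt + 16), spi = be32(pkt + ihl);
    for (size_t i = 0; i < sizeof sad / sizeof sad[0]; i++)
        if (sad[i].spi == spi && sad[i].dst == dst && sad[i].proto == pkt[9])
            return (int)i;
    return -1; /* no SA configured for this SPI: drop */
}

/* Builds a constructed IPv4+ESP header; frag is bytes 6-7 of the IP header. */
size_t make_pkt(uint8_t *b, uint32_t dst, uint32_t spi, uint16_t frag) {
    memset(b, 0, 28);
    b[0] = 0x45; b[3] = 28; b[9] = PROTO_ESP;
    b[6] = (uint8_t)(frag >> 8); b[7] = (uint8_t)frag;
    for (int i = 0; i < 4; i++) {
        b[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
        b[20 + i] = (uint8_t)(spi >> (24 - 8 * i));
    }
    return 28;
}
```

A packet whose SPI is not in the receiver's table is dropped, which is why with manual keying the value placed in the sender's outbound SA has to be the one entered in the receiver's inbound SA.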