
Re: per-host keying



Hi,

Sorry, there was a typing mistake in the previous mail. It is not section 4.4.4
(there is no section with that number). Please refer to sections 4.4.1
and 4.4.2.

If you configure the gateway to extract the selectors from the packet, you
will achieve what you are looking for. In this case, though, the policy is
generic, .





>   2401 clearly supports keying of node-to-node tunnels, both for
>end-systems and gateways.
>
>   At most bakeoffs that I've been to, there has been another variation
>on this, which was called per-host (vs per-node) keying. I tell my gateway
>that I want security between:
>      1.2.3.0/24      and        4.5.6.0/24
>
>   but that I want each combination of hosts that communicate to be
>separately keyed.
>
>   I had assumed that this concept made it into a document somewhere,
>but I can not find it. Am I blind, or did this concept never get written
>down anywhere?
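
The behaviour the reply points to, sketched as an added example that is not part of the original thread: one generic subnet-to-subnet policy entry, with the selectors for each new SA taken either from the packet or from the policy entry itself. The class names, SPI numbering, host addresses and the random key standing in for key negotiation are all assumptions made for illustration.

```python
import ipaddress
import os
from dataclasses import dataclass, field

@dataclass
class SpdEntry:
    """One generic policy: protect traffic between two subnets."""
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    derive: str  # "packet": SA selectors copied from the packet; "policy": from this entry

    def sa_selector(self, src, dst):
        if self.derive == "packet":
            # Narrow the SA to the exact host pair seen in the packet.
            return (ipaddress.ip_network(f"{src}/32"), ipaddress.ip_network(f"{dst}/32"))
        # Reuse the policy's own ranges: one SA covers every host pair.
        return (self.src_net, self.dst_net)

@dataclass
class Gateway:
    spd: list
    sad: dict = field(default_factory=dict)  # SA selector -> SA

    def outbound(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for entry in self.spd:
            if src in entry.src_net and dst in entry.dst_net:
                sel = entry.sa_selector(src, dst)
                if sel not in self.sad:
                    # Stand-in for key negotiation: fresh SPI and key per new SA.
                    self.sad[sel] = {"spi": 0x1000 + len(self.sad), "key": os.urandom(16)}
                return self.sad[sel]
        return None  # no matching policy entry; this sketch treats it as discard

# Constructed sample traffic; the last flow repeats the first host pair.
FLOWS = [("1.2.3.10", "4.5.6.20"), ("1.2.3.10", "4.5.6.21"),
         ("1.2.3.11", "4.5.6.20"), ("1.2.3.10", "4.5.6.20")]

def spis_for(derive, flows=FLOWS):
    """Return the SPI chosen for each flow under the given selector source."""
    policy = SpdEntry(ipaddress.ip_network("1.2.3.0/24"),
                      ipaddress.ip_network("4.5.6.0/24"), derive)
    gw = Gateway([policy])
    return [gw.outbound(s, d)["spi"] for s, d in flows]

if __name__ == "__main__":
    print("from packet:", [hex(s) for s in spis_for("packet")])
    print("from policy:", [hex(s) for s in spis_for("policy")])
```

With selectors taken from the packet, the three distinct host pairs each get their own SA and key while the policy stays a single subnet-to-subnet entry; with selectors taken from the policy, all four flows share one SA.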



