
SPD Selector (Newbie) Question



Hello,

I am writing my diploma thesis about VPNs (not in English, as you
may guess ;)) and have a question which maybe one of you can answer.
If this is not the place to ask such questions, I am sorry, but I
couldn't find a newsgroup for IPSec. If there is another newsgroup or
list that fits better, please tell me and I will no longer bother you
=)

In RFC2401 (Security Architecture for the Internet Protocol) on page
17 it is mentioned that in the SPD, IP addresses (and address ranges)
or identifiers like names can be used. Now my question: Suppose I
want to use names, how does a security gateway match incoming
IP packets from the local subnet (which should be sent secured over
the internet to somewhere else) to those names? The hosts will not
send identifiers along with every IP packet, I guess, so how does it
work? If every SPD entry has to have IP addresses in addition to the
name, what is the name good for?

Hope you can help me.

Marco


