[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SPD per interface?




Does IPsec allow each interface to have its own SPD?  That is, for a given
set of selectors, one interface can have a different policy (e.g. encryption
algorithm etc.) than a different interface.

My reading of RFC2401 leads me to believe that this is indeed possible (pg
13 bottom.)

		"... an SG had multiple external interfaces, it might be
necessary to have separate SAD and SPD pairs for each interface."

Thanks,
MikeC



Follow-Ups: