Re: Incoming SPD check on packet with no IPsec header?
At 2:26 PM -0400 8/21/01, Cambria, Mike wrote:
>In section 5.2.1 of RFC2401, should step #3 be performed (i.e. find incoming
>policy in the SPD that matches the packet) even if the packet arrives with
>no IPsec headers (e.g. nothing to do in steps 1 & 2)?
>
>The beginning of section 5 (and 4.4.1) says that the SPD must be consulted
>during the processing of all traffic. However, since 5.2.1 doesn't mention
>to do this, I wanted to check.
>
>Thanks,
>MikeC
One needs to check to see that any inbound packet without an IPsec
header is allowed to be bypassed (vs. discarded). The SPD contains
the requisite info to make this decision.
Steve
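
The check described in the reply above, as an added example that is not part of the original message: an inbound packet with no AH/ESP header is matched against an ordered SPD and accepted only when the matching entry says bypass. The names SpdEntry, Packet and inbound_without_ipsec, the sample addresses, and the choice to drop when no entry matches are assumptions made for this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BYPASS, DISCARD, APPLY = "bypass", "discard", "apply-ipsec"  # RFC 2401 policy choices
ESP, AH = 50, 51  # IP protocol numbers of the IPsec headers

@dataclass
class SpdEntry:
    src: str              # source address selector (CIDR)
    dst: str              # destination address selector (CIDR)
    proto: Optional[int]  # next-protocol selector, None = any
    action: str

@dataclass
class Packet:
    src: str
    dst: str
    proto: int            # outermost next-protocol value

def spd_lookup(spd, pkt):
    """Return the first entry (the SPD is ordered) whose selectors match."""
    for e in spd:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(e.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(e.dst)
                and e.proto in (None, pkt.proto)):
            return e
    return None

def inbound_without_ipsec(spd, pkt):
    """Verdict for an inbound packet that carries no AH/ESP header."""
    if pkt.proto in (ESP, AH):
        raise ValueError("packet has an IPsec header; SA processing comes first")
    entry = spd_lookup(spd, pkt)
    if entry is None:
        return "drop"     # assumption of this sketch: no matching policy means discard
    if entry.action == BYPASS:
        return "accept"   # policy explicitly allows cleartext
    return "drop"         # DISCARD, or APPLY but the packet arrived unprotected

# Constructed sample SPD (documentation address ranges, not from the thread).
SPD = [
    SpdEntry("198.51.100.0/24", "192.0.2.0/24", None, APPLY),
    SpdEntry("0.0.0.0/0", "192.0.2.53/32", 17, BYPASS),
    SpdEntry("0.0.0.0/0", "0.0.0.0/0", None, DISCARD),
]
```

The first SPD entry shows why the lookup matters for unprotected traffic: a cleartext packet from a peer whose policy requires IPsec is dropped even though a later bypass entry would otherwise have matched it.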