
Re: Incoming SPD check on packet with no IPsec header?



Yes, you have to.

Let's say for A-B, discard on one end (SG1). And if the other end has
a policy, A-B bypass.

Then without checking the policy on SG1, you will accept that which
is not correct.

-ramana
At 02:26 PM 8/21/01 -0400, Cambria, Mike wrote:

>In section 5.2.1 of RFC2401, should step #3 be performed (i.e. find incoming
>policy in the SPD that matches the packet) even if the packet arrives with
>no IPsec headers (e.g. nothing to do in steps 1 & 2)?
>
>The beginning of section 5 (and 4.4.1) says that the SPD must be consulted
>during the processing of all traffic.  However, since 5.2.1 doesn't mention
>to do this, I wanted to check.
>
>Thanks,
>MikeC
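
Added example, not part of the original messages: a minimal model of the inbound check discussed in this thread, showing the SPD lookup run for cleartext packets beside a flawed variant that skips it. The addresses for A and B, the SPD contents, the function names, and the drop-on-no-match default are assumptions made for this sketch; SA-to-policy matching is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # source selector, CIDR
    dst: str     # destination selector, CIDR
    action: str  # "discard", "bypass" or "apply"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protected: bool  # True if steps 1-2 found and removed valid IPsec headers

def lookup(spd, pkt):
    """Return the first SPD entry whose selectors match the packet, else None."""
    for pol in spd:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(pol.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(pol.dst)):
            return pol
    return None

def inbound_verdict(spd, pkt):
    """SPD lookup for every inbound packet, IPsec headers or not."""
    pol = lookup(spd, pkt)
    if pol is None or pol.action == "discard":
        return "drop"          # no match is treated as drop in this example
    if pol.action == "apply":
        # Policy requires IPsec: cleartext arriving here must not be accepted.
        return "accept" if pkt.protected else "drop"
    return "accept"            # "bypass"

def inbound_verdict_skipping_clear(spd, pkt):
    """Flawed variant: cleartext packets never reach the SPD lookup."""
    if not pkt.protected:
        return "accept"
    return inbound_verdict(spd, pkt)

# Constructed sample data: A = 192.0.2.10, B = 198.51.100.20.
SG1_SPD = [
    Policy("192.0.2.10/32", "198.51.100.20/32", "discard"),
    Policy("192.0.2.0/24", "198.51.100.0/24", "apply"),
    Policy("0.0.0.0/0", "0.0.0.0/0", "bypass"),
]
CLEAR_A_TO_B = Packet("192.0.2.10", "198.51.100.20", protected=False)
CLEAR_NEIGHBOUR = Packet("192.0.2.11", "198.51.100.20", protected=False)

if __name__ == "__main__":
    for p in (CLEAR_A_TO_B, CLEAR_NEIGHBOUR):
        print(p.src, inbound_verdict(SG1_SPD, p),
              inbound_verdict_skipping_clear(SG1_SPD, p))
```

The second sample packet shows the same gap for an "apply" entry: cleartext that should have arrived protected is only rejected when the lookup runs.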



