[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SPD per interface?
> Does IPsec allow each interface to have its own SPD? That is, for a
[SKIP]
> My reading of RFC2401 leads me to believe that this is indeed possible
> (pg 13 bottom.)
It's not possible, it's required. Page 14, end of the second paragraph,
RFC2401:
"In addition, a nominally separate SPD must be provided for each
IPsec-enabled interface."
> "... an SG had multiple external interfaces, it might be
> necessary to have separate SAD and SPD pairs for each interface."
--
Alexey
References: