[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPD per interface?

To: ipsec@lists.tislabs.com
Subject: Re: SPD per interface?
From: alexey.vyskubov@nokia.com (Alexey Vyskubov)
Date: Fri, 24 Aug 2001 14:51:40 +0300
In-Reply-To: <3A6D367EA1EFD4118C9B00A0C9DD99D706502C@rerun.lucentctc.com>
Mail-Followup-To: ipsec@lists.tislabs.com
References: <3A6D367EA1EFD4118C9B00A0C9DD99D706502C@rerun.lucentctc.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.3.20i

> Does IPsec allow each interface to have its own SPD?  That is, for a

[SKIP]

> My reading of RFC2401 leads me to believe that this is indeed possible
> (pg 13 bottom.)

It's not possible, it's required. Page 14, end of the second paragraph,
RFC2401:

"In addition, a nominally separate SPD must be provided for each
IPsec-enabled interface."

> 		"... an SG had multiple external interfaces, it might be
> necessary to have separate SAD and SPD pairs for each interface."

-- 
Alexey

References:

SPD per interface?

From: "Cambria, Mike" <mcambria@avaya.com>

Prev by Date: Ipsec load balancing devices - UDP-ESP impact
Next by Date: Re: draft-ietf-ipsec-udp-encaps-00: non-500 ESP encap, 32bits of , i-cookie
Prev by thread: Re: question on SPI
Next by thread: Incoming SPD check on packet with no IPsec header?
Index(es):
- Main
- Thread