
Re: inbound vs outbound?



Hi.
(as I mentioned)
It's strange. I did not see this matter that you mentioned in RFC2401. There is no
reason to look at the SPD twice.

Do you think that we have two SPDs for an IPsec system (one for outbound
and one for inbound!)? But we have just one SPD per IPsec system.

Also, I chose a native implementation, so why do I have to process one packet
twice? I have one IPsec system for all interfaces with just one SPD.

I chose this strategy. Every packet that comes (imagine it has no
fragmentation problem) to my router will go to the IPsec system before the router does
anything with it. IPsec makes a new packet (perhaps the same packet) and gives
it to the router again. After that, the router sends it on the appropriate interface.

Imagine my router address is A.
There are these kinds of packets.
1- A regular packet from B to C. Now I just put it under the outbound process.
(Is there anything wrong?)
2- An IPsec packet that is not destined to my router. It is also outbound.
(Is it wrong?)
3- An IPsec packet that is destined to my machine. It is an inbound packet.
Now it goes under the inbound process. (I can agree with you just in this case.
After the inbound process I gain another packet. So it must go under the
outbound process.)

Now I just redefine my opinion as the following sentence.

"Every packet is outbound unless it is destined to my machine in tunnel mode.
After the inbound process on such a packet, I have to process it as outbound."

If this phrase has any error, let me know.

Sincerely yours

mahdavi.
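
The dispatch rule stated in the message above, written out as an added example; it is not code from the poster or from RFC 2401, and it models only the three-case classification, not SPD lookup or SA processing. The function and enum names and the addresses standing in for A, B and C are assumptions, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; models only the dispatch rule stated in the message. */
enum ipsec_path { PATH_MALFORMED, PATH_FRAGMENT, PATH_OUTBOUND, PATH_INBOUND_THEN_OUTBOUND };

#define PROTO_ESP 50 /* IANA protocol numbers for ESP and AH */
#define PROTO_AH  51

/* Classify one IPv4 packet arriving at a router whose own address is router_addr. */
enum ipsec_path classify(const uint8_t *pkt, size_t len, const uint8_t router_addr[4])
{
    if (len < 20 || (pkt[0] >> 4) != 4) return PATH_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return PATH_MALFORMED;
    /* The message sets fragments aside: MF flag (0x2000) or a non-zero offset. */
    if ((((unsigned)pkt[6] << 8) | pkt[7]) & 0x3fff) return PATH_FRAGMENT;
    int is_ipsec = (pkt[9] == PROTO_ESP || pkt[9] == PROTO_AH);
    int to_router = (memcmp(pkt + 16, router_addr, 4) == 0);
    /* Case 3: IPsec addressed to the router itself; cases 1 and 2: everything else. */
    return (is_ipsec && to_router) ? PATH_INBOUND_THEN_OUTBOUND : PATH_OUTBOUND;
}

/* Build a minimal 20-byte IPv4 header (checksum left zero) as constructed sample input. */
void make_header(uint8_t h[20], uint8_t proto, const uint8_t src[4], const uint8_t dst[4])
{
    memset(h, 0, 20);
    h[0] = 0x45;      /* version 4, IHL 5 */
    h[3] = 20;        /* total length */
    h[8] = 64;        /* TTL */
    h[9] = proto;
    memcpy(h + 12, src, 4);
    memcpy(h + 16, dst, 4);
}

/* Constructed addresses standing in for A (the router), B and C. */
const uint8_t ADDR_A[4] = {192, 0, 2, 1}, ADDR_B[4] = {198, 51, 100, 2}, ADDR_C[4] = {203, 0, 113, 3};

int main(void)
{
    static const char *names[] = {"malformed", "fragment", "outbound", "inbound, then outbound"};
    uint8_t h[20];
    make_header(h, 6, ADDR_B, ADDR_C);         /* case 1: regular TCP, B to C */
    printf("case 1: %s\n", names[classify(h, 20, ADDR_A)]);
    make_header(h, PROTO_ESP, ADDR_B, ADDR_C); /* case 2: ESP not for the router */
    printf("case 2: %s\n", names[classify(h, 20, ADDR_A)]);
    make_header(h, PROTO_ESP, ADDR_B, ADDR_A); /* case 3: ESP for the router */
    printf("case 3: %s\n", names[classify(h, 20, ADDR_A)]);
    return 0;
}
```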




