
Re: Re: inbound vs outbound?





>one need not look up a packet in the SPD twice. An IPsec-protected 
>packet arriving from the Internet and directed to a system behind an 
>SG is looked up once in the SAD, to map it to an SA, and the 
>processed packet is then looked up in the SPD to ensure that it is 
>consistent with the SA via which it was received.
Consider the case where there is a tunnel from router A to router B 
over which packets of class P are transmitted. When the packets arrive 
at router B, some of them, say subclass P1, are forwarded to a LAN 
directly. Others, say subclass P2, are tunneled to router C.

I don't think only one consultation of the SPD can achieve it.

		
   	
	

			Dong Xiaohu
            sleepy-cat@263.net
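
A minimal model of the scenario in the message above, added here as an example and not part of the original post: router B maps the SPI to an SA, checks the inner packet against the inbound SPD, then consults the outbound SPD to choose between LAN delivery (P1) and re-tunneling to C (P2). The prefixes, SPI value, and function names are assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    dst: str        # destination prefix selector
    action: str     # "protect" or "bypass"
    peer: str = ""  # tunnel endpoint, used when action == "protect"

# Constructed policy databases for router B (sample prefixes, not from the post).
INBOUND_SPD = [Policy("10.0.0.0/8", "protect", "A")]    # class P must arrive via the A->B tunnel
OUTBOUND_SPD = [Policy("10.2.0.0/16", "protect", "C"),  # subclass P2: re-tunnel to router C
                Policy("10.1.0.0/16", "bypass")]        # subclass P1: forward to the LAN
SAD = {0x1001: "A"}                                     # SPI -> peer that owns the SA

def spd_lookup(spd, dst, counter):
    """First-match lookup by destination; counter[0] tracks SPD consultations."""
    counter[0] += 1
    addr = ipaddress.ip_address(dst)
    for policy in spd:
        if addr in ipaddress.ip_network(policy.dst):
            return policy
    return None

def process_at_b(spi, inner_dst):
    """Return (decision, number of SPD consultations) for a packet arriving at B."""
    lookups = [0]
    peer = SAD.get(spi)                     # SAD lookup: map the packet to its SA
    if peer is None:
        return ("drop: unknown SPI", lookups[0])
    # Inbound check: the decapsulated packet must be consistent with its SA.
    pin = spd_lookup(INBOUND_SPD, inner_dst, lookups)
    if pin is None or pin.action != "protect" or pin.peer != peer:
        return ("drop: SA/policy mismatch", lookups[0])
    # Forwarding decision: the packet is now outbound traffic from B's viewpoint.
    pout = spd_lookup(OUTBOUND_SPD, inner_dst, lookups)
    if pout is None:
        return ("drop: no outbound policy", lookups[0])
    if pout.action == "protect":
        return (f"tunnel to {pout.peer}", lookups[0])
    return ("forward to LAN", lookups[0])

if __name__ == "__main__":
    for dst in ("10.1.5.5", "10.2.5.5", "192.0.2.1"):
        print(dst, process_at_b(0x1001, dst))
```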