[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec in tunnel mode and dynamic routing
Stephen Kent wrote:
>
> 2401 requires that the SA binding be maintained only within the IPsec
> implementation. I understood your comments to suggest something else,
> e.g., a separate firewall module not part of IPsec. If I misunderstood,
> I apologize.
We want the SA is kept outside the IPsec, so that packets that pass
through other modules in the meantime will retain their SA, e.g., Sec 8.4.
Joe
Follow-Ups:
References: