[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT Traversal

To: Henry Spencer <henry@spsystems.net>
Subject: RE: NAT Traversal
From: "Chinna N.R. Pellacuru" <pcn@cisco.com>
Date: Mon, 4 Mar 2002 10:35:23 -0800 (PST)
cc: "'ipsec mailling list'" <ipsec@lists.tislabs.com>
In-Reply-To: <Pine.BSI.3.91.1020304131529.14394I-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com

On Mon, 4 Mar 2002, Henry Spencer wrote:

> On Mon, 4 Mar 2002, Chinna N.R. Pellacuru wrote:
> > SPI is an IPsec parameter as opposed to IKE. In almost all implementations
> > the SPI space is managed by the IPsec implementation (if we divide IPsec
> > into IPsec implementation and IKE).
>
> Note that not all implementations support such a division.  Some use the
> IKE daemon for general IPsec policy/management as well, in which case it
> may be assigning the SPIs.
>

In that case these implementations might have some inefficiencies if they
want to use another or multiple key management protocols for IPsec.

In any case who ever is doing the SPI management should honor the new
semantics of the SPI. No bits on the wire are changed for IKE.

    chinna

References:
- RE: NAT Traversal
  - From: Henry Spencer <henry@spsystems.net>

Prev by Date: RE: Towards closure on NAT traversal.
Next by Date: RE: NAT Traversal
Prev by thread: RE: NAT Traversal
Next by thread: RE: NAT Traversal
Index(es):
- Date
- Thread