[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Don't remove TS from IKEv2

To: "'Michael Richardson'" <mcr@sandelman.ottawa.on.ca>, ipsec@lists.tislabs.com
Subject: RE: Don't remove TS from IKEv2
From: Michael Choung Shieh <mshieh@netscreen.com>
Date: Thu, 21 Mar 2002 14:40:42 -0800
Sender: owner-ipsec@lists.tislabs.com

> 
>     Michael> It was pointed out the responder can have wider 
> TS to do opportunitic sa.
>     Michael> The problem of it is it only works for 
> client-server case and fails in
>     Michael> peer-to-peer case.  Even in client-server 
> scenario, most likely the server
> 
>   Have you really tried it?
> 

No.  But I believe for peer-to-peer (each side can be either initiator or
responder) the proxy-id or TS must be exact matched.  am I wrong?

Michael Shieh

Follow-Ups:
- Re: Don't remove TS from IKEv2
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: divergent interpretations of IKE/IPsec - interop issues
Next by Date: Re: Addresses in traffic selectors in IKEv2
Prev by thread: RE: Don't remove TS from IKEv2
Next by thread: Re: Don't remove TS from IKEv2
Index(es):
- Date
- Thread