RE: Don't remove TS from IKEv2
If TS (so is SPD) is not an exact match in peer-to-peer, then traffic may be
silently rejected after IKE is up. This totally defeats the MAIN purpose of
TS. Then what good is TS?
Michael
> -----Original Message-----
> From: Bill Sommerfeld [mailto:sommerfeld@east.sun.com]
> Sent: Thursday, March 21, 2002 2:55 PM
> To: Michael Choung Shieh
> Cc: 'Michael Richardson'; ipsec@lists.tislabs.com
> Subject: Re: Don't remove TS from IKEv2
>
>
> > No. But I believe for peer-to-peer (each side can be either initiator or
> > responder) the proxy-id or TS must be exactly matched. Am I wrong?
>
> There's no fundamental reason why this has to be the case, and I
> believe that TS can be defined such that an exact match is not
> necessary.
>
> - Bill
>