[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Is TS agreement necessary?

To: "Rajesh Mohan" <Rajesh.Mohan@nexsi.com>
Subject: RE: Is TS agreement necessary?
From: Michael Thomas <mat@cisco.com>
Date: Wed, 3 Apr 2002 15:50:35 -0800 (PST)
Cc: <sommerfeld@east.sun.com>, "Scott G. Kelly" <skelly@SonicWALL.com>, "Mike Ditto" <ford@incog.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <D5E631D5313A324A80B1211963B5D43E0D528A@MBX-SVR1.Winnet.NEXSI.NET>
References: <D5E631D5313A324A80B1211963B5D43E0D528A@MBX-SVR1.Winnet.NEXSI.NET>
Sender: owner-ipsec@lists.tislabs.com

Rajesh Mohan writes:
 > Say, we have this special box made to be used in data centers. We have regular IPSec complaint box in corporate network. It will be convenient for the administrator at data center to tunnel all traffic of a particular VLAN to the corporate network. He does not care what network is at the remote end. On the other end, the corporate administrator has well defined selectors for the tunnel to the cage.
 > 
 > In this unsymmetric setup, having no selectors at IPSec (and a way to negotiate this in IKEv2) is useful.

  Ok, I'm probably in left field here, but what you seem
  to be describing is a completely permissive traffic
  selector, not a lack of one. What's the problem here?

		Mike

References:
- RE: Is TS agreement necessary?
  - From: "Rajesh Mohan" <Rajesh.Mohan@nexsi.com>

Prev by Date: Re: Is TS agreement necessary?
Next by Date: RE: Dead peer detection
Prev by thread: RE: Is TS agreement necessary?
Next by thread: RE: Is TS agreement necessary?
Index(es):
- Date
- Thread