
Re: Ikev2 Traffic Selector payload



From my reading of the policy database, this wouldn't happen. Bob might
narrow the choices in one of two cases:
a) his policy excludes the range of the original packet, in which
case Alice can't forward this packet to Bob no matter what she does, or
b) his policy says only a single source/destination pair allowed on any SA,
in which case he responds with notification #34-single-pair-required

Radia
****************
	From: "David W. Faucher" <dfaucher@lucent.com>

	Regarding draft-ietf-ipsec-ikev2-02.txt section 2.9:
	
	    "The Responder is allowed to narrow the choices 
	     by selecting a subset of the traffic..."
	
	How do we avoid the situation where the reduced set 
	does not encompass the selectors of the original packet 
	on the initiator which started the negotiation?
	
	David
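
The two cases in the reply above, as an added illustration that is not part of the original thread or of the draft: a simplified model in which Bob narrows by intersecting Alice's proposed ranges with his own policy, and Alice then checks whether the result still covers the packet that triggered the negotiation. The function names, the address-only selectors (no ports or protocol) and the sample addresses are assumptions made for this example.

```python
from ipaddress import IPv4Address as IP

# A selector is modelled as an inclusive (first, last) IPv4 range (assumption:
# ports and protocol are omitted to keep the model small).
def rng(first, last):
    return (IP(first), IP(last))

def intersect(a, b):
    """Overlap of two inclusive ranges, or None if they are disjoint."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def responder_narrow(proposed, policy, single_pair_only=False):
    """Bob's side: narrow the proposed (src, dst) ranges to his policy."""
    src = intersect(proposed[0], policy[0])
    dst = intersect(proposed[1], policy[1])
    if src is None or dst is None:
        return ("no-overlap", None)
    # Case (b): policy allows only one source/destination pair per SA.
    if single_pair_only and (src[0] != src[1] or dst[0] != dst[1]):
        return ("single-pair-required", None)
    return ("ok", (src, dst))

def initiator_check(result, packet):
    """Alice's side: does the narrowed set still cover the original packet?"""
    status, narrowed = result
    if status != "ok":
        return status
    src, dst = narrowed
    inside = src[0] <= packet[0] <= src[1] and dst[0] <= packet[1] <= dst[1]
    # "packet-excluded" is case (a): Bob's own policy does not admit the packet.
    return "packet-covered" if inside else "packet-excluded"

# Constructed sample data (documentation address ranges).
PROPOSED = (rng("192.0.2.0", "192.0.2.255"), rng("198.51.100.0", "198.51.100.255"))
PACKET = (IP("192.0.2.10"), IP("198.51.100.20"))
POLICY_WIDE = (rng("192.0.2.0", "192.0.2.127"), rng("198.51.100.0", "198.51.100.255"))
POLICY_EXCLUDES = (rng("192.0.2.128", "192.0.2.255"), rng("198.51.100.0", "198.51.100.255"))

def run_cases():
    return {
        "narrowed, packet still covered": initiator_check(responder_narrow(PROPOSED, POLICY_WIDE), PACKET),
        "case a": initiator_check(responder_narrow(PROPOSED, POLICY_EXCLUDES), PACKET),
        "case b": initiator_check(responder_narrow(PROPOSED, POLICY_WIDE, single_pair_only=True), PACKET),
    }

if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(f"{name}: {outcome}")
```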