IPComp CA and IPsec SA negotiations



We're about to implement support for compression into our VPN-product,
but can't quite figure out how to extend the IKE negotiation in order to
include IPComp.

RFC 3173 section 4.1 says
   "For IPComp in the context of IP Security, IKE provides the necessary
   mechanisms and guidelines for establishing IPCA.  Using IKE, IPComp
   can be negotiated as stand-alone or in conjunction with other IPsec
   protocols."

What I want is to _use_ IPComp in conjunction with other IPsec (in my
case ESP) protocols.

If I interpret this correctly I may do it either way; negotiating them
as two separate SAs, possibly as two SA payloads in the same QM
negotiation, or as an SA bundle with ESP and IPComp in the same
proposal.
I would prefer to negotiate them separately, since I don't want the
whole negotiation to fail because the peer doesn't support IPComp, and I
would prefer not to duplicate my proposals (with and without IPComp).

What is common practice?

Thanks in advance
 
-Joachim
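
Added example, not part of the original message and not code from any IKE implementation: a Python model of how a responder evaluates the proposals in one ISAKMP SA payload (RFC 2408, section 4.2), showing the bundle option and the duplicated-proposal fallback the message describes. The function name, data layout and sample offers are assumptions made for illustration; the protocol and transform IDs are the IPsec DOI values.

```python
from itertools import groupby

# IPsec DOI identifiers (RFC 2407; ESP_AES from RFC 3602)
PROTO_IPSEC_ESP, PROTO_IPCOMP = 3, 4
ESP_3DES, ESP_AES = 3, 12
IPCOMP_DEFLATE, IPCOMP_LZS = 2, 3

def select_proposal(offered, supported):
    """Hypothetical responder-side selection over one SA payload.

    offered:   list of (proposal_number, protocol_id, [transform_ids]) in the
               initiator's preference order. Consecutive entries that share a
               proposal number form one bundle (logical AND); different
               numbers are alternatives (logical OR).
    supported: dict protocol_id -> set of transform_ids the responder accepts.
    Returns (proposal_number, {protocol_id: transform_id}) or None.
    """
    for number, group in groupby(offered, key=lambda p: p[0]):
        chosen = {}
        for _, proto, transforms in group:
            ok = supported.get(proto, set())
            match = next((t for t in transforms if t in ok), None)
            if match is None:
                break              # one unusable protocol rejects the bundle
            chosen[proto] = match
        else:
            return number, chosen  # every protocol in the bundle matched
    return None                    # NO-PROPOSAL-CHOSEN

# Constructed sample offers.
BUNDLE_ONLY = [
    (1, PROTO_IPSEC_ESP, [ESP_AES, ESP_3DES]),
    (1, PROTO_IPCOMP, [IPCOMP_DEFLATE, IPCOMP_LZS]),
]
# Same bundle, followed by an ESP-only alternative as proposal 2.
WITH_FALLBACK = BUNDLE_ONLY + [(2, PROTO_IPSEC_ESP, [ESP_AES, ESP_3DES])]

# Constructed sample responders.
ESP_ONLY_PEER = {PROTO_IPSEC_ESP: {ESP_3DES}}
FULL_PEER = {PROTO_IPSEC_ESP: {ESP_AES, ESP_3DES},
             PROTO_IPCOMP: {IPCOMP_DEFLATE}}

if __name__ == "__main__":
    for offer in (BUNDLE_ONLY, WITH_FALLBACK):
        for peer in (ESP_ONLY_PEER, FULL_PEER):
            print(select_proposal(offer, peer))
```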