Re: identifying IPsec SAs (was Re: IPsec AH and ESP I-Ds; source address as possible SA selector for multicast SA?
> From: Mark Baugher <mbaugher@cisco.com>
> I may be misunderstanding something about IPsec. By my reading of RFC
> 2401, the SA is uniquely identified by <SPI, destination address, IPsec
> protocol> and it is not possible to install another SA having the same
> triple but with a different source address based upon some SPD entry.
I also (same as Stephen Kent) assumed that there must be some entity that
is responsible for actually creating and distributing the SAs for a
specific multicast group, and therefore also assigns a unique SPI for
each SA.
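
The constraint discussed in this message, as an added example that is not part of the original email: a toy SAD keyed on the RFC 2401 triple refuses a second SA that differs only in source address, while an assumed group controller handing out unique SPIs avoids the collision. All class names, addresses and keys are constructed for illustration.

```python
# Added illustration (not from the thread): toy SAD keyed on <SPI, dst, protocol>.
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class SA:
    spi: int
    dst: str     # destination address (here: the multicast group)
    proto: str   # "ESP" or "AH"
    src: str     # sender address; deliberately NOT part of the lookup key
    key: bytes

class SAD:
    def __init__(self):
        self._by_triple = {}

    def install(self, sa):
        triple = (sa.spi, sa.dst, sa.proto)
        if triple in self._by_triple:
            raise ValueError("SA already installed for %r" % (triple,))
        self._by_triple[triple] = sa

    def lookup_inbound(self, spi, dst, proto):
        # The packet's source address is never consulted here.
        return self._by_triple.get((spi, dst, proto))

class GroupController:
    """Assumed entity that creates the SAs for one group and assigns unique SPIs."""
    def __init__(self, group, proto="ESP", first_spi=0x1000):
        self.group, self.proto = group, proto
        self._spis = count(first_spi)

    def sa_for_sender(self, src, key):
        return SA(next(self._spis), self.group, self.proto, src, key)

def demo():
    group = "233.252.0.1"  # constructed group address (documentation range)
    senders = [("192.0.2.1", b"k1"), ("192.0.2.2", b"k2")]  # constructed
    # Case 1: two senders reuse one SPI; the second install must fail.
    sad = SAD()
    sad.install(SA(0x1000, group, "ESP", *senders[0]))
    try:
        sad.install(SA(0x1000, group, "ESP", *senders[1]))
        collided = False
    except ValueError:
        collided = True
    # Case 2: the controller gives each sender's SA its own SPI.
    gc, sad2 = GroupController(group), SAD()
    for src, key in senders:
        sad2.install(gc.sa_for_sender(src, key))
    return collided, sad2.lookup_inbound(0x1001, group, "ESP").src
```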