[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SOI QUESTION: 5.3 SPD entries
Please discuss and answer the following question:
5.3 SPD entries
5.3.A) Is it important in SOI to allow the the responder to accept a subset
of the proposed SA, or should it be an all or nothing acceptance?
5.3.B) Should the SOI offer multiple selectors with specific ports and
addresses, or a single selector with a range of ports and range of
addresses? (complicated boolean complexity!)
Implications from the scenarios:
<<<In the case of a pair of SGWs fronting multiple non-contiguous
subnets, a mechanism that allowed the negotiation of a list of phase 2
identities will help to alleviate the number of IPsec tunnels that must
be created.>>> [[[5.3]]]