[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: quick mode "proxy" case

To: "Saket Dandawate" <sdandawate@pace.stpp.soft.net>
Subject: Re: quick mode "proxy" case
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Wed, 11 Sep 2002 08:55:42 +0200
cc: ipsec@lists.tislabs.com, "Jari Arkko" <jari.arkko@kolumbus.fi>
In-reply-to: Your message of Wed, 11 Sep 2002 09:57:16 +0530. <002901c2594b$827ffb80$bc64a8c0@saket>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

       To add to ur question can anybody tell me how do we specify
   address range, say IPV4addressrange in proxy mode using identity payloads.
   
=> in the case I am interested to the only possible identity types
are ID_IPV4_ADDR and ID_IPV6_ADDR (names are at least complex/ambiguous
and subnets/ranges don't fit with transport mode).

   Also what i couldnt understand was, are u interested in IKE or IPsec role.
   Since IKE doesnt care whether its Tunnel or transport. It just exchanges the
   attributes and IDi,IDr. Local policies in IPsec does the rest
   
=> local policies are not a second order detail in the "proxy" case.
But we can look at the case where more than one SA is negociated
in a quick/phase 2 exchange...

Regards

Francis.Dupont@enst-bretagne.fr

References:
- Re: quick mode "proxy" case
  - From: "Saket Dandawate" <sdandawate@pace.stpp.soft.net>

Prev by Date: Re: quick mode "proxy" case
Next by Date: Re: IPSec v6 on linux
Prev by thread: Re: quick mode "proxy" case
Next by thread: security policy discovery
Index(es):
- Date
- Thread