RE: Associating newly created SA bundles with Policies



Thanks a lot,

I've got it! All selectors are in the Identification payload in the first
Quick Mode message. Now, with these selectors I can select the
particular policy and link the new SA to this policy.

Sergey Zakharov

> -----Original Message-----
> From: jeff pickering [mailto:jeffp@caspiannetworks.com]
> Sent: Wednesday, December 18, 2002 8:44 PM
> To: Sergey Zakharov
> Subject: Re: Associating newly created SA bundles with Policies
> 
> 
> Sergey,
> I would assume that the responder would need to know the appropriate
> policy in order to create the SA (bundle) in the first place, i.e. it's
> the policy that determines acceptable proposals, etc.
> Jeff
> 
> 
> Sergey Zakharov wrote:
> 
> > Hello.
> >
> > The SA bundle was created as a result of IKE negotiations. The host
> > acts in these negotiations as a responder. Should it associate this
> > bundle with some policy?
> >
> > If the answer to this question is yes:
> > - If several Policies match this bundle (we can use only IP address
> > as a selector), should it be associated with all of them? This can
> > cause some problems (on this host this bundle is associated with
> > multiple policies, but on the remote host only with a single one)
> >
> > If the answer is no:
> > - The outbound SA will never be used?
> >
> > Thanks,
> > Sergey Zakharov
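
The selector lookup described in the reply at the top of this thread, as an added example that is not part of the original messages: it decodes the IDci/IDcr payload bodies carried in the first Quick Mode message (body layout per RFC 2407) and returns the first policy whose selectors cover them. The function names, the ordered first-match SPD and the sample policies are assumptions made for illustration.

```python
import ipaddress
import struct

# IPv4 ID types from the IPsec DOI (RFC 2407): address, subnet, range
ID_IPV4_ADDR, ID_IPV4_ADDR_SUBNET, ID_IPV4_ADDR_RANGE = 1, 4, 7

def parse_id_body(body):
    """ID payload body (after the generic header) -> (lo, hi, proto, port)."""
    if len(body) < 4:
        raise ValueError("ID payload too short")
    id_type, proto, port = struct.unpack("!BBH", body[:4])
    data = body[4:]
    if id_type == ID_IPV4_ADDR and len(data) == 4:
        lo = hi = int.from_bytes(data, "big")
    elif id_type == ID_IPV4_ADDR_SUBNET and len(data) == 8:
        addr, mask = struct.unpack("!II", data)
        host_bits = ~mask & 0xFFFFFFFF
        if host_bits & (host_bits + 1):
            raise ValueError("non-contiguous subnet mask")
        lo, hi = addr & mask, (addr & mask) | host_bits
    elif id_type == ID_IPV4_ADDR_RANGE and len(data) == 8:
        lo, hi = struct.unpack("!II", data)
        if lo > hi:
            raise ValueError("inverted address range")
    else:
        raise ValueError("unsupported ID type or bad length")
    return lo, hi, proto, port

def covers(policy_sel, proposed):
    """True if the policy selector admits all the peer proposed (0 = any)."""
    (p_lo, p_hi, p_proto, p_port), (lo, hi, proto, port) = policy_sel, proposed
    return (p_lo <= lo and hi <= p_hi
            and p_proto in (0, proto) and p_port in (0, port))

def select_policy(spd, idci_body, idcr_body):
    """Responder view: IDci is the remote end, IDcr the local end."""
    remote, local = parse_id_body(idci_body), parse_id_body(idcr_body)
    for name, pol_local, pol_remote in spd:  # assumed ordered, first match wins
        if covers(pol_local, local) and covers(pol_remote, remote):
            return name
    return None  # no policy covers the proposal: reject the negotiation

def ip(text):  # dotted quad -> int, for the constructed sample data
    return int(ipaddress.IPv4Address(text))

# Constructed sample SPD (hypothetical names): (name, local selector, remote selector)
REMOTE_NET = (ip("192.0.2.0"), ip("192.0.2.255"), 0, 0)
SPD = [("web-only", (ip("10.1.0.5"), ip("10.1.0.5"), 6, 80), REMOTE_NET),
       ("site-to-site", (ip("10.1.0.0"), ip("10.1.255.255"), 0, 0), REMOTE_NET)]
```

Because the proposed protocol and port are compared as well as the addresses, two policies that share the same peer addresses resolve to different entries.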