[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: typical IPsec-based VPNs incl. modecfg vs. DHCP

To: "Scott G. Kelly" <scott@airespace.com>
Subject: Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
From: Derek Atkins <derek@ihtfp.com>
Date: 13 Feb 2003 22:28:25 -0500
Cc: Stephen Kent <kent@bbn.com>, BSingh@Nomadix.com, Francis.Dupont@enst-bretagne.fr, ipsec@lists.tislabs.com
In-Reply-To: <3E4C1C33.7FD7F995@airespace.com>
References: <89680B404BA1DD419E6D93B28B41899BE9FC88@01mail.nomadix.com><3E483959.5D2D8DF1@airespace.com><p05100316ba71c5aeec31@[128.89.88.34]><3E4C1C33.7FD7F995@airespace.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Scott G. Kelly" <scott@airespace.com> writes:

> In such cases, no SPD entries are consulted following the routing
> lookup, and the routing table (effectively) becomes the SAD/SPD. I think
> this has obvious issues in terms of satisfying the selector criteria you
> outlined in RFC2401, for the reasons I enumerated above. 

This works fine for output processing, but not necessarily for input
processing.

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
  - From: "Scott G. Kelly" <scott@airespace.com>

References:
- RE: typical IPsec-based VPNs incl. modecfg vs. DHCP
  - From: BSingh@Nomadix.com
- Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
  - From: "Scott G. Kelly" <scott@airespace.com>
- Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
  - From: Stephen Kent <kent@bbn.com>
- Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
  - From: "Scott G. Kelly" <scott@airespace.com>

Prev by Date: Re: Modefg considered harmful
Next by Date: Re: IKEV2: Issue #3: DHCP vs. Configuration Payload
Prev by thread: Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
Next by thread: Re: typical IPsec-based VPNs incl. modecfg vs. DHCP
Index(es):
- Date
- Thread