[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question on SA Bundle
Title:
Hi ,
I don't think there is public literature on this other than IPSEC architecture
document. Note that, SPD defines the security protocols such as ESP, AH.
In a given SPD policy, you can have both ESP and AH together. This results
into two SAs. Typically, IPSEC informs IKE to get the keys for both of them
together. once IKE gets the keys, it can inform IPSEC packet processing to create
the SA bundle with two SAs.
Since, IKE negotiates both together, if one SA life time expires, other SAs in
the SA Bundle can be removed. That means either all SAs in the SA bundle exist
or none exist
-Ravi
Lokesh wrote:
Hi all,
I have a question on Ipsec.
SA's are bundled in SABundle. and there can be multiple SA Bundles existing
linked together
in a SPD entry.
1] under what conditions it is decided that a new SA created should be bundled
in a New SABundle? not in a existing one?
can anyone point me to literature on this or similar issue ? ( that is regarding
SPD and SA Bundles)
Thanks
Lokesh
--
signature
The views presented in this mail are completely mine. The company is not
responsible for whatsoever.
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335
1214 / 1175 / 1184
ROC home page