
Re: Question on SA Bundle



Hi,
I don't think there is public literature on this other than the IPSEC architecture
document. Note that the SPD defines the security protocols, such as ESP and AH.
In a given SPD policy, you can have both ESP and AH together. This results
in two SAs. Typically, IPSEC informs IKE to get the keys for both of them
together. Once IKE gets the keys, it can inform IPSEC packet processing to create
the SA bundle with two SAs.

Since IKE negotiates both together, if one SA lifetime expires, the other SAs in
the SA Bundle can be removed. That means either all SAs in the SA bundle exist
or none exist.
-Ravi


Lokesh wrote:
Hi all,
I have a question on IPsec.
SAs are bundled in an SABundle, and there can be multiple SA Bundles existing linked together
in an SPD entry.

1] Under what conditions is it decided that a newly created SA should be bundled in a new SABundle, not in an existing one?

Can anyone point me to literature on this or a similar issue (that is, regarding SPD and SA Bundles)?
Thanks
Lokesh



--

The views presented in this mail are completely mine. The company is not responsible for whatsoever.

Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184


ROC home page
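
The bundle lifecycle described in the reply above, as an added example that is not part of the original thread: an SPD policy listing ESP and AH yields one bundle of two SAs, and the expiry of either SA removes the whole bundle. The names `SA`, `SPDEntry`, `negotiate` and `expire`, the selector, the SPIs and the lifetimes are all hypothetical, and `negotiate` only stands in for IKE.

```python
from dataclasses import dataclass, field

@dataclass
class SA:
    protocol: str        # "ESP" or "AH"
    spi: int             # constructed sample value
    expires_at: int      # absolute expiry time, seconds

@dataclass
class SPDEntry:
    selector: str
    protocols: tuple                               # e.g. ("ESP", "AH")
    bundles: list = field(default_factory=list)    # each bundle is a list of SAs

def negotiate(entry, now, lifetimes, first_spi):
    """Stand-in for IKE: obtain SAs for every protocol in the policy in one
    exchange, then install them as a single bundle."""
    bundle = [SA(p, first_spi + i, now + lifetimes[p])
              for i, p in enumerate(entry.protocols)]
    entry.bundles.append(bundle)
    return bundle

def expire(entry, now):
    """Drop every bundle in which any one SA has reached its lifetime.
    A bundle is never left partially populated."""
    live, dead = [], []
    for bundle in entry.bundles:
        expired = any(sa.expires_at <= now for sa in bundle)
        (dead if expired else live).append(bundle)
    entry.bundles = live
    return dead

def demo():
    entry = SPDEntry("10.0.0.0/24 -> 10.0.1.0/24", ("ESP", "AH"))
    lifetimes = {"ESP": 3600, "AH": 1800}          # constructed values
    negotiate(entry, 0, lifetimes, 0x1000)
    before = expire(entry, 1000)                   # nothing has expired yet
    removed = expire(entry, 1800)                  # AH expires, ESP has 1800 s left
    return before, removed, entry.bundles

if __name__ == "__main__":
    before, removed, remaining = demo()
    print("removed at t=1000:", before)
    print("removed at t=1800:", [[sa.protocol for sa in b] for b in removed])
    print("bundles left:", remaining)
```

An outbound packet that matches the entry after the removal finds no bundle, so in this model the next step is a fresh negotiation that installs a new bundle.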