[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question on inbound IPSEC policy check

To: ipsec@lists.tislabs.com
Subject: Question on inbound IPSEC policy check
From: Jyothi <vjyothi@intotoinc.com>
Date: Wed, 23 Apr 2003 13:03:16 +0530
In-Reply-To: <421CB3B9B2D2F645B548D213C0A90E5583FB40@TMM_EDGMSMSG01>
Sender: owner-ipsec@lists.tislabs.com

Hi all,

I have a question regarding the inbound SPD policy checking.

Please consider the following scenario:

Office1Network-----SG1---------Internet------------SG2-------Office2Network.

Office1Network has HTTP as well as other services hosted.
Office1 administartor wants to make sure that all HTTP traffic has to go with
3DES and SHA1

And all other traffic can go with AH MD5 and no encyrption is required for
performance reasons.

In this case, if office2Network SG is mis-configured or they did not even
configure HTTP policy.

Then SG1 accepts the HTTP traffic and process it.
After IPSEC processing, SHOULD WE ACCEPT THOSE PACKETS OR DROP THOSE 
PACKETS, because higher priority SPD policy is created for the HTTP traffic.

Any advice on this would be greatly appreciated


Thanks in advance,
Jyothi

Follow-Ups:
- Re: Question on inbound IPSEC policy check
  - From: suren <suren@intotoinc.com>
- Re: Question on inbound IPSEC policy check
  - From: Ravi <ravivsn@roc.co.in>
- Re: Question on inbound IPSEC policy check
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: Important question about draft-ietf-ipsec-doi-tc-mib-07.txt
Next by Date: Re: peer address protection
Prev by thread: ESP and header compression drafts
Next by thread: Re: Question on inbound IPSEC policy check
Index(es):
- Date
- Thread