[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question on inbound IPSEC policy check



Jyothi, Since, the SPD policies are ordered list and priority of the SPD policies should be followed to check the validity of the decrypted packets w.r.t security policy. SG1 will drop the unencrypted packets coming from SG2 Regards, Ravi Jyothi wrote: >Hi all, > >I have a question regarding the inbound SPD policy checking. > >Please consider the following scenario: > >Office1Network-----SG1---------Internet------------SG2-------Office2Network. > >Office1Network has HTTP as well as other services hosted. >Office1 administartor wants to make sure that all HTTP traffic has to go with >3DES and SHA1 > >And all other traffic can go with AH MD5 and no encyrption is required for >performance reasons. > >In this case, if office2Network SG is mis-configured or they did not even >configure HTTP policy. > >Then SG1 accepts the HTTP traffic and process it. >After IPSEC processing, SHOULD WE ACCEPT THOSE PACKETS OR DROP THOSE PACKETS, because higher priority SPD policy is created for the HTTP traffic. > >Any advice on this would be greatly appreciated > > >Thanks in advance, >Jyothi -- The views presented in this mail are completely mine. The company is not responsible for whatsoever. ---------- Ravi Kumar CH Rendezvous On Chip (i) Pvt Ltd Hyderabad, India Ph: +91-40-2335 1214 / 1175 / 1184 ROC home page