
interoperability issue with 'lifekbytes'



Hi,

We are frequently encountering interoperability problems with 'lifekbytes' configuration. Different vendors accept/implement different ways. Having a consistent method mentioned in the standards will help eliminate/reduce the misinterpretation. Any feedback on the following interoperability issue from the WG is appreciated.

Security Gateway1--------------------Security Gateway2

Admin at SG1 configured the IPSEC security policy indicating that 'lifekbytes' is not expected. SG2 sends QM SA payload with lifekbytes attribute with some value. Should SG1 accept the SA payload OR should it deny the SA payload? We feel that, since the local admin made a choice that lifekbytes is not required/expected, it should deny the SA negotiation. What is the right thing to do? Also, we feel that having consistent configuration on both ends will eliminate the confusion.

Related question: What happens when SG1 starts the quick mode? Should SG2 deny the negotiation as it expected the lifekbytes attribute, but there is no 'lifekbytes' attribute coming from SG1?

We feel that, for both cases to work, it is better to have the same configuration on both ends so that it works consistently and gives choice to the administrators.

Thanks in advance,
Arun