Re: ipsec SAs
Hi,
It depends on the SPD policy you configure.
If your policy selectors include only the 'B' address, then using
this policy, only B can be reached from A.
If your policy selectors include the complete subnet in which 'B'
belongs, then all machines in that subnet can be reached from A.
Ravi
George Hadjichristofi wrote:
> Hi,
>
> I have a question about IPSec SAs.
>
> There is a network such as:
> A----Gateway1 ===tunnel====Gateway2 ----B
>
> A and B are the subnets.
> Gateway 1 and 2 negotiate a tunnel such that A can communicate securely with
> B.
>
> Based on RFC2401, does that mean that A will only be able to talk to B and
> no other nodes on the network, or just that it will talk to B via a secure
> tunnel and to everybody else in cleartext?
>
> Should A be able to talk to Gateway2?
>
> Thank you
> George
>
> ***********************************************************
> George C. Hadjichristofi
> Graduate Student
> Bradley Department of Electrical and Computer Engineering
> Virginia Tech,Blacksburg,VA 24061,U.S.A
> TEL:(540)-951-8936
> ***********************************************************
>
--
The views presented in this mail are completely mine. The company is not
responsible for whatsoever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184
ROC home page <http://www.roc.co.in>
- References:
- ipsec SAs
- From: "George Hadjichristofi" <ghadjich@vt.edu>
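
Added example (not part of the original messages): a minimal model of the ordered SPD lookup discussed in this thread, showing how a host-only selector and a whole-subnet selector change which destinations get tunnel protection. The addresses, the catch-all entries and the drop-on-no-match default are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The three processing choices RFC 2401 defines for a packet.
PROTECT, BYPASS, DISCARD = "apply IPsec", "bypass IPsec", "discard"

@dataclass
class SpdEntry:
    src: str     # source selector, CIDR
    dst: str     # destination selector, CIDR
    action: str

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def spd_lookup(spd, src_ip, dst_ip):
    """Ordered lookup: the first entry whose selectors match decides."""
    for entry in spd:
        if entry.matches(src_ip, dst_ip):
            return entry.action
    return DISCARD  # assumption: traffic matching no entry is dropped

# Constructed addressing: subnet A = 10.1.0.0/24, subnet B = 10.2.0.0/24.
SUBNET_A, SUBNET_B, HOST_B = "10.1.0.0/24", "10.2.0.0/24", "10.2.0.10/32"
ANY = "0.0.0.0/0"

# Gateway1 policy whose selector names only one host in B; the rest is
# explicitly bypassed (sent in cleartext).
HOST_ONLY_SPD = [SpdEntry(SUBNET_A, HOST_B, PROTECT),
                 SpdEntry(ANY, ANY, BYPASS)]

# Gateway1 policy whose selector covers all of subnet B; the rest is dropped.
SUBNET_SPD = [SpdEntry(SUBNET_A, SUBNET_B, PROTECT),
              SpdEntry(ANY, ANY, DISCARD)]

if __name__ == "__main__":
    flows = [("10.1.0.5", "10.2.0.10"),    # A host -> the named B host
             ("10.1.0.5", "10.2.0.20"),    # A host -> another host in B
             ("10.1.0.5", "203.0.113.7")]  # A host -> outside both subnets
    for name, spd in (("host-only", HOST_ONLY_SPD), ("subnet", SUBNET_SPD)):
        for src, dst in flows:
            print(f"{name:9} {src} -> {dst}: {spd_lookup(spd, src, dst)}")
```

Whether traffic outside the protected selectors goes out in cleartext or is dropped is decided by the remaining SPD entries, here the catch-all at the end of each list.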