[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: revised IPsec processing model

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mark,

I'm doing my best to try to understand, but email is a difficult medium
for conveying complex ideas, so please bear with me while I try to sort
this out. Given the following picture

~               +---------------+
~               |               |             +------+
~ [host a]------|[if0]     [if1]|_____________|      |
~               |  |         |  |_____________| SGW2 |---[host b]
~               |[spd0]   [spd1]| tunnel      |      |
~               +---------------+             +------+

I think you're saying that you want the policy rule causing traffic
from host a to host b to be tunneled to live in spd0 instead of spd1. Is
this right?

Scott


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Netscape - http://enigmail.mozdev.org

iD8DBQE/KonXMtIdhO0pgN4RAnA/AJ4iDlbPPLEHVCl5WFfyfzSfKV1TfgCfQ6IF
Pf/TcgOJIZbCPNGciio093E=
=g14L
-----END PGP SIGNATURE-----