Re: revised IPsec processing model



Yes Scott, that is exactly right.
But again, this was just an example of one situation where one would want 
to decouple the choice of SPD from the choice of exit interface.

--Mark

At 08:40 AM 8/1/2003 -0700, Scott G. Kelly wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Hi Mark,
>
>I'm doing my best to try to understand, but email is a difficult medium
>for conveying complex ideas, so please bear with me while I try to sort
>this out. Given the following picture
>
>~               +---------------+
>~               |               |             +------+
>~ [host a]------|[if0]     [if1]|_____________|      |
>~               |  |         |  |_____________| SGW2 |---[host b]
>~               |[spd0]   [spd1]| tunnel      |      |
>~               +---------------+             +------+
>
>I think you're saying that you want the policy rule causing traffic
>from host a to host b to be tunneled to live in spd0 instead of spd1. Is
>this right?
>
>Scott