Re: 2401bis Issue #67 -- IPsec management traffic
Hi Francis,
> In your previous mail you wrote:
>
> There is one slight catch, however. There is no SPD entry action to
> cause delivery of a received message to IKE. So, while your example
> is appropriate for outbound IKE traffic, I don't think we ever
> defined a way to express appropriate internal forwarding of inbound
> IKE traffic. Any suggestions?
>
>=> I agree but I don't believe there is a solution inside IPsec itself:
>to enforce the delivery of packets matching a filter to a process/user/...
>is a "personal firewall" function only.
[Throwing in a few pennies until Steve returns...]
Are you speaking of hosts here? While it might work there,
a "personal firewall" seems odd applied to SGs. A general
solution would be to add another action in the SPD, e.g.,
"direct to security management".
Karen