[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Initial Contact Message processing

To: David Wierbowski <wierbows@us.ibm.com>
Subject: Re: Initial Contact Message processing
From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>
Date: Fri, 16 Jan 2004 15:33:31 +0100
Cc: ipsec@lists.tislabs.com
In-reply-to: Your message of Thu, 15 Jan 2004 11:00:11 EST. <OF002954DD.D10B4FCE-ON85256E1C.0056D62D-85256E1C.00583FF1@us.ibm.com>
Sender: owner-ipsec@lists.tislabs.com

 In your previous mail you wrote:

    Not sure this is the best answer, but on the implementation that I work
    on we would require multiple phase 1 SAs with that device.  One for every
    every NIC ( IP address) owned by the device from which a phase 2
   negotiation
    would be started on.  Based on this thread we might be better off allowing
    all NICs to utilize the same SA.
   
=> MOBIKE stuff should remove the limitation, i.e., one IKE SA should be
able to manage IPsec SAs using different IP addresses of the multi-NIC
devices, at the condition the IPsec SAs are in transport mode of course.
And without strange hacks with its phase one ID.

Regards

Francis.Dupont@enst-bretagne.fr

References:
- Re: Initial Contact Message processing
  - From: David Wierbowski <wierbows@us.ibm.com>

Prev by Date: 2401bis -- current version is the correct one
Next by Date: Re: 2401bis -- current version is the correct one
Previous by thread: Re: Initial Contact Message processing
Next by thread: RE: Initial Contact Message processing
Index(es):
- Date
- Thread