[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SPD Syntax Example

To: Andrew Krywaniuk <ak_ipsec@yahoo.ca>
Subject: Re: SPD Syntax Example
From: Stephen Kent <kent@bbn.com>
Date: Mon, 26 Jan 2004 09:22:06 -0500
Cc: ipsec@lists.tislabs.com
In-reply-to: <20040125070819.54614.qmail@web21504.mail.yahoo.com>
References: <20040125070819.54614.qmail@web21504.mail.yahoo.com>
Sender: owner-ipsec@lists.tislabs.com

Andrew,

We've had this discussion before, and I'd rather not revisit it.  If 
peers do not negotiate the selectors for an SA, interoperability 
problems arise.  We have experience with this happening today, 
because IKE v1 did not do as well as IKE v2 in this regard. For 
example, in IKE v2 the initiator sends the packet header info for the 
packet that triggers SA creation, to allow the responder more 
flexibility in finding a suitable SPD entry when peers have 
overlapping but not identical SPD entries.

Steve

References:
- Re: SPD Syntax Example
  - From: Andrew Krywaniuk <ak_ipsec@yahoo.ca>

Prev by Date: Re: SPD Syntax Example
Next by Date: Re: SPD Syntax Example
Previous by thread: Re: SPD Syntax Example
Next by thread: Re: SPD Syntax Example
Index(es):
- Date
- Thread