[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SAs that carry fragments Was: Re: Some IKEv2 issues



Stephen Kent writes:
> We've had analogous debates on this before.  IPsec is NOT just a VPN 
> technology and our specs ought not be VPN-specific. I have certainly 
> advised folks to use port selectors for tunnels under certain 
> instances, e.g., to restrict traffic to a server to be traffic of the 
> sort appropriate to that server, based on the well known ports 
> associated with the service.

How have they handled the fragmentation issue in those cases, or have
the simply assumed that the fragmentation will not happen, and ignored
all of those packets. 
-- 
kivinen@safenet-inc.com