[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec on tunneling mechanisms
In your previous mail you wrote:
One related question.. Can we use a single pair of SA for IPv4
tunneled in IPv4 and IPv4 tunneled in IPv6 traffic between the two
hosts i.e the traffic selector needs to specify a mix of IPv4 and IPv6
selectors ?
=> perhaps you mean IPv4 tunneled in IPv4 and IPv6 tunneled in IPv4?
In your description the multiple version addresses are external
IKE doesn't know to do this kind of things...
Though IKev2 supports multiple traffic selectors in a single
negotiation, it does not allow the mix. In section 2.9,
=> I don't read the section 2.9 this way.
Two TS payloads appear in each of the messages in the exchange that
creates a CHILD_SA pair. Each TS payload contains one or more Traffic
Selectors. Each Traffic Selector consists of an address range (IPv4
or IPv6), a port range, and an IP protocol ID.
=> so where is the constraint?
Is that right ?
=> I believe it isn't. But note that an implementation can support only
one TS...
Francis.Dupont@enst-bretagne.fr