
Re: IPSec on tunneling mechanisms



 In your previous mail you wrote:

   One related question.. Can we use a single pair of SA for IPv4
  tunneled in IPv4 and IPv4 tunneled in IPv6 traffic between the two
  hosts, i.e. the traffic selector needs to specify a mix of IPv4 and IPv6
  selectors ?

=> perhaps you mean IPv4 tunneled in IPv4 and IPv6 tunneled in IPv4?
In your description the multiple version addresses are external.
IKE doesn't know how to do this kind of thing...

   Though IKEv2 supports multiple traffic selectors in a single
  negotiation, it does not allow the mix. In section 2.9,
   
=> I don't read section 2.9 this way.

      Two TS payloads appear in each of the messages in the exchange that
      creates a CHILD_SA pair. Each TS payload contains one or more Traffic
      Selectors. Each Traffic Selector consists of an address range (IPv4
      or IPv6), a port range, and an IP protocol ID. 
   
=> so where is the constraint?

     Is that right ?
   
=> I believe it isn't. But note that an implementation can support only
one TS...

Francis.Dupont@enst-bretagne.fr