
[Ipsec] IKEv2: 1 child IPsec SA ? (stupid question!)



Hi all,

Just researching IKEv2 (draft-ietf-ipsec-ikev2-14), and I noticed the
reference to a single IPsec SA being created during the initial 4-message
negotiation (ike_sa_init & ike_auth). For example, I noticed the following
reference:

'In some scenarios, only a single CHILD_SA is needed between the IPsec 
endpoints and therefore there would be no additional exchanges.'

I know this is a stupid question, but knowing that IPsec SAs are
unidirectional, can someone confirm that the initial 4-message IKE
negotiation results in a single IPsec SA *in each direction* (giving a total
of 2 IPsec SAs)?

Many thanks in advance



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec