[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ipsec] IKEv2: 1 child IPsec SA ? (stupid question!)
Hi all,
Just researching IKEv2 (draft-ietf-ipsec-ikev2-14), and I noticed the
reference to a single IPsec SA being created during the initial 4 message
negotiation (ike_sa_init & ike_auth). For example, I noticed the following
reference:
'In some scenarios, only a single CHILD_SA is needed between the IPsec
endpoints and therefore there would be no additional exchanges.'
I know this is a stupid question, but knowing that IPsec SAs are
unidirectional, can someone confirm that the initial 4 message IKE
negotiation results in a single IPsec SA *in each direction* (giving a total
of 2 IPsec SAs) ??
Many thanks in advance
_________________________________________________________________
Want to block unwanted pop-ups? Download the free MSN Toolbar now!
http://toolbar.msn.co.uk/
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec