Hi List-members,

If I need to apply both ESP and AH SAs between the two security gateways for a given traffic stream, do I need to create two policies or one policy?

Can someone indicate this with respect to the following combinations:

1) IKEv1 + 2401
2) IKEv1 + 2401bis
3) IKEv2 + 2401
4) IKEv2 + 2401bis

From an IKEv1 or IKEv2 perspective, my understanding is that there are no restrictions posted.

2401bis seems to indicate that if there is nested tunneling, i.e. if the security tunnel is going to terminate in 2 different remote gateways, then we need to have two SPD policies. (Reference Appendix E in 2401-bis)

However, if the terminating tunnel endpoint is the same remote gateway and both ESP and AH need to be applied to a particular traffic stream, then a single SPD policy should suffice. I did not see any statement in 2401-bis restricting this.

Can someone please clarify?

Thanks,
Subha
_______________________________________________ Ipsec mailing list Ipsec at ietf.org https://www1.ietf.org/mailman/listinfo/ipsec