Re: Inbound packet processing- mobile host problem
Pyda Srisuresh <srisuresh@yahoo.com> Tue, 04 April 2000 03:43 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ns.secondary.com (8.9.3/8.9.3) with ESMTP id UAA18007; Mon, 3 Apr 2000 20:43:48 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id WAA29844 Mon, 3 Apr 2000 22:30:35 -0400 (EDT)
Message-ID: <20000404022500.28406.qmail@web1406.mail.yahoo.com>
Date: Mon, 03 Apr 2000 19:25:00 -0700
From: Pyda Srisuresh <srisuresh@yahoo.com>
Subject: Re: Inbound packet processing- mobile host problem
To: Stephen Kent <kent@bbn.com>, "venkatn@future.futsoft.com" <venkatn@future.futsoft.com>
Cc: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
--- Stephen Kent <kent@bbn.com> wrote: > At 8:05 PM +0530 3/31/00, Venkatesh N wrote: > >Hi all > >I have the following doubts regarding the IPSEC > > > >(1) According to the RFC, for the inbound packets, the SA (tunnel > >mode) is retrieved based on the > > > > --The Destination IP address of the Outer IP header > > --SPI > > --IPsec protocol > > > > (a)Does this mean that the security gateway can allot the same > >SPI value for the different IP addresses (supposing It has > > more than one IP addresses)? > > Yes. > > >(2) In the case of a mobile host contacting the home security > >gateway after dialing to a local PPP > >server on the Internet and then crossing the Internet to the home > >organization's firewall , then is there any automated way > >for the discovery/verification of the security gateway/mobile host?? > > There is no automated security gateway discovery protocol today. > Well, a good way to do this would be to make PPP server the Security gateway. By doing this, you have added benefits of being able to monitor IPsec SA status and scale to a large number of user security profiles. Take a look at <draft-ietf-pppext-secure-ra-00.txt> > Steve > > cheers, suresh __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
- Inbound packet processing- mobile host problem Venkatesh N
- Re: Inbound packet processing- mobile host problem Joern Sierwald
- RE: Inbound packet processing- mobile host problem Venkatesh N
- Re: Inbound packet processing- mobile host problem Stephen Kent
- Re: Inbound packet processing- mobile host problem Pyda Srisuresh
- Re: Inbound packet processing- mobile host problem rupesh