[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question on inbound IPSEC policy check

To: Stephen Kent <kent@xxxxxxx>, Jyothi <vjyothi@xxxxxxxxxxxxx>
Subject: Re: Question on inbound IPSEC policy check
From: Jyothi <vjyothi@xxxxxxxxxxxxx>
Date: Tue, 29 Apr 2003 09:58:24 +0530
Cc: ipsec@xxxxxxxxxxxxxxxxx
In-reply-to: <>
References: <> <> <> <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

Hi,

Office1Network-----SG1---------Internet------------SG2-------Office2Network.

SG1 contains the 2 IPSEC policies:
    1. protocol TCP and port 80
    2. protocol ANY

SG2 contains the one IPSEC policy of protocol ANY.

Office2Network starts the IKE negotiation for protocol ANY, after the negotiation SG2 will send the HTTP traffic with SAs created.

In IKE negotiation, we are informing the allowable traffic as protocol ANY.
 In this case, HTTP is part of protocol ANY.

So, if SG1 rejects inbound traffic coming from SG2, then how SG2 knows??

Thanks
Jyothi

At 09:36 AM 4/28/03 -0400, Stephen Kent wrote:

At 11:22 AM +0530 4/28/03, Jyothi wrote:
Hi,
If we reject the traffic, how do we inform the peer???
I think there might be some inter-operability issues.
Thanks
Jyothi
If the SAs are established using IKE, then the payloads passed during the IKE negotiations will inform the peer of the range of allowable traffic, so it will not be a surprise.

Steve

Follow-Ups:
- Re: Question on inbound IPSEC policy check
  - From: Stephen Kent
- Re: Question on inbound IPSEC policy check
  - From: Ramana Yarlagadda

References:
- Re: Question on inbound IPSEC policy check
  - From: Jyothi
- Question on inbound IPSEC policy check
  - From: Jyothi
- Re: Question on inbound IPSEC policy check
  - From: Stephen Kent

Prev by Date: RE: MIB doctor review of draft-ietf-ipsec-doi-tc-mib-07.txt
Next by Date: RE: Crypto algorithms for IKEv2
Previous by thread: Re: Question on inbound IPSEC policy check
Next by thread: Re: Question on inbound IPSEC policy check
Index(es):
- Date
- Thread