[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2401bis Issue #67 -- IPsec management traffic

To: Francis Dupont <Francis.Dupont@xxxxxxxxxxxxxxxx>
Subject: Re: 2401bis Issue #67 -- IPsec management traffic
From: Karen Seo <kseo@xxxxxxx>
Date: Fri, 3 Oct 2003 01:19:15 -0400
Cc: "'ipsec mailingList'" <ipsec@xxxxxxxxxxxxxxxxx>
In-reply-to: <>
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

Hi Francis,

In your previous mail you wrote:

There is one slight catch, however. There is no SPD entry action to cause delivery of a received message to IKE. So, while your example is appropriate for outbound IKE traffic, I don't think we ever defined a way to express appropriate internal forwarding of inbound IKE traffic. Any suggestions? => I agree but I don't believe there is a solution inside IPsec itself: to enforce the delivery of packets maching a filter to a process/user/... is a "personal firewall" function only.

[Throwing in a few pennies until Steve returns...]

	Are you speaking of hosts here?  While it might work there,
	a "personal firewall" seems odd applied to SGs.  A general
	solution would be to add another action in the SPD, e.g.,
	"direct to security management".

Karen

Follow-Ups:
- Re: 2401bis Issue #67 -- IPsec management traffic
  - From: Francis Dupont
- Re: 2401bis Issue #67 -- IPsec management traffic
  - From: Markku Savela

References:
- Re: 2401bis Issue #67 -- IPsec management traffic
  - From: Francis Dupont

Prev by Date: ECN tweak to Final editing instructions for ikev2 document
Next by Date: Re: 2401bis Issue #67 -- IPsec management traffic
Previous by thread: Re: 2401bis Issue #67 -- IPsec management traffic
Next by thread: Re: 2401bis Issue #67 -- IPsec management traffic
Index(es):
- Date
- Thread