
re: Issue #68: VPNs with overlapping IP address ranges (was Re: 2401bis issues (possible) resolution)

Ken Carlberg writes:
> > I do not think there is any need to negotiate the VPN subscriber ID
> > between the parties. The VPN subscriber ID is internal to the SGW, and
> > it is not going to trust anything the other end sends.
> We developed an incremental VPN capability with one of our gateways
> that used a third party manager to add/remove participants from the
> VPN, and thus included participant(s) outside of the SGW.  Accordingly,
> we used and exchanged a VPN subscriber ID to accomplish this.

I do not disagree with that. You can do that with VPN ID, but I say
you can also do it without VPN IDs. 
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/