re: Issue #68: VPNs with overlapping IP address ranges (was Re: 2401bis issues (possible) resolution)
Ken Carlberg writes:
> > I do not think there is any need to negotiate the VPN subscriber ID
> > between the parties. The VPN subscriber ID is internal to the SGW, and
> > it is not going to trust anything the other end sends.
> We developed an incremental VPN capability with one of our gateways
> that used a third party manager to add/remove participants from the
> VPN, and thus included participant(s) outside of the SGW. Accordingly,
> we used and exchanged a VPN subscriber ID to accomplish this.
I do not disagree with that. You can do that with VPN ID, but I say
you can also do it without VPN IDs.
SSH Communications Security http://www.ssh.fi/
SSH IPSEC Toolkit http://www.ssh.fi/ipsec/