Re: 2401bis issues
In message <>, Stephen Kent writes:
>I agree that this is not an interoperability issue, but 2401
>established a per-interface SPD requirement and I think we now have
>heard from various folks that this is unduly restrictive. So as part
>of the revised processing model we need to remove the old 2401
>restriction and explain what the new model does and why.
I agree on removing the limitation.
>Tero has pointed out in some private e-mail that this
>characterization in quotes is not quite right, i.e., IKEv2 does not
>work this way! So, we are revising the characterization accordingly.
>The bottom line is that one can accommodate multiple protocols in a
>single SPD entry, because the entry really consists of a list of
>selector sets; each set contains S/D IP address range, ONE protocol
>(or ANY), and S/D port range. The "list of ranges" effect is
>achieved in that fashion.
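
The selector-set structure described in the quoted text above, as an added example that is not part of the original message or of any IPsec implementation. The class and function names, the action strings, the first-match ordering and the sample addresses are assumptions made for illustration.

```python
# Added illustration: SelectorSet, SPDEntry and lookup are hypothetical names.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

ANY = None  # wildcard for the protocol field

@dataclass(frozen=True)
class SelectorSet:
    src: Tuple[str, str]                  # inclusive S address range
    dst: Tuple[str, str]                  # inclusive D address range
    proto: Optional[int]                  # ONE protocol number, or ANY
    sport: Tuple[int, int] = (0, 65535)   # S port range
    dport: Tuple[int, int] = (0, 65535)   # D port range

    def matches(self, src, dst, proto, sport=None, dport=None) -> bool:
        def within(addr, rng):
            return ip_address(rng[0]) <= ip_address(addr) <= ip_address(rng[1])
        if not (within(src, self.src) and within(dst, self.dst)):
            return False
        if self.proto is not ANY and proto != self.proto:
            return False
        if proto in (6, 17):  # assumption: only TCP/UDP port checks are modelled
            return (sport is not None and dport is not None
                    and self.sport[0] <= sport <= self.sport[1]
                    and self.dport[0] <= dport <= self.dport[1])
        return True

@dataclass
class SPDEntry:
    action: str                           # e.g. "PROTECT", "BYPASS", "DISCARD"
    selectors: List[SelectorSet]          # the list of selector sets

def lookup(spd, **pkt) -> str:
    """First entry with any matching selector set wins (assumed ordered SPD)."""
    for entry in spd:
        if any(s.matches(**pkt) for s in entry.selectors):
            return entry.action
    return "DISCARD"                      # assumed default when nothing matches

# Constructed sample: one entry covering two protocols via two selector sets.
NET_A = ("192.0.2.0", "192.0.2.255")
NET_B = ("198.51.100.0", "198.51.100.255")
SPD = [SPDEntry("PROTECT", [
    SelectorSet(NET_A, NET_B, 6, dport=(80, 443)),    # TCP, D ports 80-443
    SelectorSet(NET_A, NET_B, 17, dport=(53, 53)),    # UDP, D port 53
])]
```

Because each set pairs one protocol with its own port range, the entry is not a cross product: UDP to port 443 matches neither set even though both the protocol and the port appear somewhere in the entry.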