
Re: Gateway Discovery-Architecture Proposal
Matt,

Sorry for the delayed response. I looked into illustrating the 
architecture with more than one example. Here is a list of all
the situations that arise from the four gateways (SG1-SG2-SG3-SG4).

Case 1: SG1 performs Discovery/IKE/Resolution and has no policy 
        restrictions from SG2.
    A- SG4 performs Discovery/IKE/Resolution and has no policy 
       restrictions from SG3
    B- SG4 performs Discovery/Resolution with SG1 but SG3 has 
       "NO ESP" policy
       b- How does SG4 establish inter-domain policy with SG3?
    C- SG3 performs Discovery/IKE/Resolution for SG4
       c- How does SG4 establish inter-domain policy with SG3?

Case 2: SG1 performs Discovery/Resolution but SG2 has "NO ESP" policy. 
        1- How does SG1 establish inter-domain with SG2?
    A- SG4 performs Discovery/IKE/Resolution and has no policy 
       restrictions from SG3.
    B- SG4 performs Discovery/Resolution but SG3 has "NO ESP" policy
       b- How does SG4 establish inter-domain policy with SG3?
    C- SG3 performs Discovery/IKE/Resolution for SG4
       c- How does SG4 establish inter-domain policy with SG3? 

Case 3: SG2 performs Discovery/IKE/Resolution for SG1
        1- How does SG1 establish inter-domain policy with SG2?
    A- SG4 performs Discovery/IKE/Resolution and has no policy 
       restrictions from SG3
    B- SG4 performs Discovery/Resolution but SG3 has "NO ESP" policy
       b- How does SG4 establish inter-domain policy with SG3?
    C- SG3 performs Discovery/IKE/Resolution for SG4
       c- How does SG4 establish inter-domain policy with SG3?

The examples are documented at the following ftp site,
ftp://standards.nortelnetworks.com/IPSP/IPSPExamples.pdf 

There are details that should be worked out but I hope 
this clarifies the picture to start the discussion again.

Abdallah

> 
> Matthew Condell wrote:
> > The example will use the following hosts and gateways and
> > policies that require the indicated SAs.  SG3 has a policy
> > prohibiting ESP tunnels to pass through it, but is fine
> > with any AH tunnel or an unprotected communication between
> > H1 and H2.
> >
> > H1   SG1    SG2    SG3   SG4   H2
> >       --------------------
> >                   AH
> >              -------------
> >                  ESP
> >
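An added illustration (not from this thread or the IPSP draft) of the policy check that the "NO ESP" cases above hinge on: a tunnel only conflicts with a transit gateway's policy when it passes *through* that gateway, not when it terminates there. The path, the policy table and the sample tunnel layouts are constructed here for the example; the gateway names follow Matt's figure.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed path, in order, following the H1..H2 figure in the thread.
PATH = ["H1", "SG1", "SG2", "SG3", "SG4", "H2"]

# Transit policy: protocols a gateway refuses to let pass through it.
# SG3's "NO ESP" rule from the thread; AH and cleartext are unrestricted.
TRANSIT_DENY = {"SG3": {"ESP"}}


@dataclass(frozen=True)
class Tunnel:
    src: str
    dst: str
    proto: str  # "AH" or "ESP"


def transit_gateways(t: Tunnel) -> list[str]:
    """Gateways strictly between the tunnel endpoints; endpoints are excluded
    because a tunnel that terminates at a gateway is not transiting it."""
    i, j = sorted((PATH.index(t.src), PATH.index(t.dst)))
    return [n for n in PATH[i + 1:j] if n.startswith("SG")]


def violations(tunnels: list[Tunnel]) -> list[tuple[Tunnel, str]]:
    """(tunnel, gateway) pairs where a transit gateway denies the protocol."""
    return [
        (t, sg)
        for t in tunnels
        for sg in transit_gateways(t)
        if t.proto in TRANSIT_DENY.get(sg, set())
    ]


# Constructed layouts: AH end to end plus ESP that ends at SG3 (allowed),
# versus ESP that crosses SG3 on its way to SG4 (rejected by SG3's policy).
LAYOUT_OK = [Tunnel("SG1", "SG4", "AH"), Tunnel("SG2", "SG3", "ESP")]
LAYOUT_BAD = [Tunnel("SG1", "SG4", "AH"), Tunnel("SG2", "SG4", "ESP")]

if __name__ == "__main__":
    for name, layout in (("ok", LAYOUT_OK), ("bad", LAYOUT_BAD)):
        print(name, violations(layout) or "no transit policy conflicts")
```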