Re: comments on ICPM IPProtocolEndpoint



Ricky, I'm not sure I understand the problem so let me try to explain the
relationships in the model.

The IKEServiceForEndpoint association identifies the IPProtocolEndpoints
(local IP addresses, could be real or virtual interfaces) for which an IKE
service provides negotiation services.  (The IPProtocolEndpoint class only
represents local addresses; remote addresses are represented in the
conditions/filters of the policy.) Those same local IPProtocolEndpoint
instances will have SAs (SecurityAssociationBindsTo) that protect traffic on
the endpoints.

Does that help or are we missing something?  Cheers, Lee

----- Original Message -----
From: "Ricky Charlet" <rcharlet@xxxxxxxxxxxx>
To: ".MailList - ipsec-policy" <ipsec-policy@xxxxxxxx>
Sent: Thursday, December 28, 2000 5:11 PM
Subject: comments on ICPM IPProtocolEndpoint


> Howdy,
>
> I have a question about IPProtocolEndpoints. From reading the DMTF
> white paper on IPsec Policy Model, it implies that IPProtocolEndpoints
> serve two roles. They are the interfaces which are IKE enabled, and they
> are the entities which will ultimately be protected. I hope I'm just
> reading the model wrong, because Security Gateways need to (of course)
> represent endpoints for protection which likely will not be the same as
> the Security Gateway's IKE enabled interface.
>
>
> --
>   Ricky Charlet   : Redcreek Communications   : usa (510) 795-6903