RE: UNIQUENESS clause of ipSecIkeRuleTable
Thanks for pointing this out. Would the addition of
ipSecIkeRuleIkeEndpointGroupId into the UNIQUENESS be good enough? It
boils down to the question of "can there be more than one IKE
association between two end points?" If the answer is yes, then
ipSecIkeRuleIkeAssiciationId needs to be added too.
I start to think that the ipSecRuleTable has the same issue. The
ipSecruleIpSecSelectorGroupId needs to be added to the UNIQUENESS. What
do you think?
Thanks for your comments
From: ext MORAND Pierrick FTRD/DMI/CAE
Sent: September 20, 2001 04:20 AM
To: IPSEC-POLICY (E-mail)
Subject: UNIQUENESS clause of ipSecIkeRuleTable
In the ipSecIkeRuleTable the UNIQUENESS clause is currently the
Doing so, this prevents the PDP from installing, for an interface having a
Role/IfName tuple value, different Ike policies for different peers.
Shouldn't this clause be set to:
//for the editor : to be renamed in ipSecIkeRuleIkeAssociationId
I have excluded the ipSecIkeRuleIpSecRuleTimePeriodGroupId in order to
that an IkeRule (same IkeAssociation and group of peers) is the object
two different sets of TimePeriod policies leading to create two
IkeRule instances while the RuleTimePeriodSet could be updated.
Thanks for your comments.
france telecom R&D/DMI/SIR/IPI
Tel : +33 2 31 75 91 79 - Fax : +33 2 31 73 56 26