[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPsec SA mode per transform in IPSEC-IKEACTION-MIB

To: ipsec-policy@xxxxxxxx
Subject: IPsec SA mode per transform in IPSEC-IKEACTION-MIB
From: Maxim Frolov <mfr@xxxxxxxxxxxxxx> (by way of Maxim Frolov <mfr@xxxxxxxxxxxxxx>)
Date: Mon, 7 Mar 2005 17:44:26 +0100
List-archive: <http://www.vpnc.org/ipsec-policy/mail-archive/>
List-id: <ipsec-policy.vpnc.org>
List-unsubscribe: <mailto:ipsec-policy-request@vpnc.org?body=unsubscribe>
Sender: owner-ipsec-policy@xxxxxxxxxxxxx
User-agent: KMail/1.6.2

Hello,


How can I define an IPsec action which points to IPsec proposals with 
different modes (tunnel or transport) for IPsec SA to be negotiated?

For example, consider the following proposal list:
"((ESP-3DES-tunnel OR ESP-DES-tunnel) AND (AH-SHA1-transport)) OR 
(ESP-3DES-tunnel OR ESP-3DES-transport)":

Proposal1 (ESP):
	Transform1 (3DES, tunnel)
	Transform2 (DES, tunnel)
Proposal1 (AH):
	Transform1 (SHA1, transport)
Proposal2 (ESP)
	Transform1 (3DES, tunnel)
	Transform2 (3DES, transport)

Are these proposals expressable by IPSEC-IKEACTION-MIB?

The only element which defines SA mode (tunnel, transport) is  
ipiaIpsecActMode in ipiaIpsecActionEntry. 

There is no property "mode" per transform or per proposal in 
IPSEC-IKEACTION-MIB.

Is the ipiaIpsecActionEntry designed to be compliant with IKEv2 where SA mode 
is per SA payload (per IPsec action)?



 Maxim.

Prev by Date: Re: Understanding of ipsp-xxx-mib's
Previous by thread: Understanding of ipsp-xxx-mib's
Index(es):
- Date
- Thread