At 2:18 PM +0300 4/29/09, Tero Kivinen wrote:
...
In most case I would not expect Bob to create the old SA that way at
all, as it would require it to combine two SPD rules together when
accepting such entry. As the SPD entries are ordered list that would
mean it was combining two entries which had different locations in the
list, and I am not sure if combining two SPD entries when creating SA
is actually allowed by the RFC4301.
4301 does not have any notion of "combining" SPD entries. As you
note, the SPD is ordered, so whichever SPD entry matches and is
encountered first is used.
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
