You are right, after IKE phase 1, the IPsec SA will be set up, and
the traffic selector will be used.

Here our requirement is that we still create the IKE SA, but do not create the IPsec SA.
The reason for such a strange usage is that IKE is already mandated there.
What is left is whether it is necessary to use IPsec, since the connections
are already physically secured.

Excuse me for such a strange scenario.

-Hui

2009/5/14 Paul Hoffman <[email protected]>:
> At 10:07 PM +0800 5/14/09, Hui Deng wrote:
>>Tunnel waiting for traffic means that all traffic has to go through
>>this tunnel anyhow.
>
> Correct.
>
>>the scenario I described is that after IKE procedure, but all the
>>traffic will not go through this IPsec tunnel since they are point to
>>point connection.
>
> I am deeply confused. Why would point-to-point traffic not go through a 
> tunnel that has the appropriate traffic selectors? Where else would the 
> traffic go?
>
> --Paul Hoffman, Director
> --VPN Consortium
>
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
