On Nov 15, 2011, at 7:36 PM, Ulliott, Chris wrote:

> Classification:UNCLASSIFIED
>
> The problem with a single SA is that it usually means a single key (whatever
> form that takes) such that a compromise of a single spoke puts all traffic at
> risk... So whatever solution we go for - we need to keep one eye on the
> security requirements...
>
> Chris

Hi Chris

I don't mean a single SA for the whole configuration. I mean a single SA for every pair of gateways, rather than lots of SAs, one for each pair of subnets.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec