|Main Archive Page > Month Archives > ipsec archives|
in a managed-security setting, it seems reasonable to have different security policies, and separate Security Associations, for the different customers' traffic. Even though both may be running the same type of traffic. I understand that this is one of the use cases for the GRE draft.
Stephen Kent wrote:
> I still have not found time to review the GRE key proposal, but your
> comments were very helpful to me. The fact that thus value does not
> have a globally-defined semantics makes it less appropriate as a
> traffic selector, in my opinion. As you noted, it is no to analogous
> to the use of ports, protocol, and ICMP type/code values in the SPD.
> IPsec mailing list
> Scanned by Check Point Total Security Gateway.