Re: [Design] road warrior and id field.

>Kaustubh Kumbhalkar writes:

>The value of IDii is used by the responder to determine whether it

by I3 i meant the message MI3 - third message from initiator. ( i should have been more clearer).

anyways , then the point is that the responder should respond to the initiators 'source address' and not the address as specified by IDii.

in freeswan when we initiate a connection from the road warrior , the responder updates its connection information with the 'source addresss' of the road warrior.
while the security association is required to be made w.r.t the address specified by IDii.
if this is possible then ,this wil allow a road warrior to negotiate SA's for its home address (using IDii) while having foreign address as the source address for its IKE packets.
anything wrong in this?

>> this way it is not possible to negotiate for an SA having address other

>ISAKMP SAs are between an initiator and responder and only protect

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

>* a transport or tunnel mode IPsec SA between the initiator and

>* a tunnel mode IPsec SA between addresses that are protected by the