[strongSwan-dev] [StrongSwan]: Traffic narrowing for IKEv2
Andreas Steffen
andreas.steffen at strongswan.org
Tue Dec 18 19:13:30 CET 2012
On 18.12.2012 19:04, jegathesh malaiyappan wrote:
> Hi,
>
> I need a clarification on IKEv2 traffic narrowing.
>
> NodeA
> -------------------------------------------------------------------- SGW
>
> Responder initiator& responder
>
> 60.60.60.1 - 60.60.60.254 ---- 24
> 60.60.60.1 - 60.60.63.254
> ------ 22
>
> Both the peers are configured , support different address range. It has
> to narrowing the traffic and decide traffic selector.
>
>
> Please clarify me the following,
>
> i) is it always narrow to smaller subnet and use that address
> range ... in the above ex ... 60.60.60.0/24 ?
>
The narrowing happens always to the smaller network, i.e 60.60.60.0/24
> ii) is this traffic narrowing differ based on responder
> configured bigger network and initiator configured smaller network?
>
If the initiator suggests a smaller network then this is selected.
No "broadening" ever happesn.
>
> Thanks.
>
>
> --
> By
> Jegathesh,
Regards
Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20121218/152aae1f/attachment.bin>
More information about the Dev
mailing list