IPsec flows

Ciaran Deignan ciaran.deignan at netcelo.com
Wed Mar 12 11:51:12 EST 2003



Peter Van Epp wrote:
> 
>         The likely answer is indeed that the SPIs in and out are different
> (they are on our VPN) and thus argus treats them as different flows each way.

Well, the SPIs certainly would be different. IPsec uses
separate incoming and outgoing Security Associations (SAs),
while IKE uses just one, so for a complete tunnel
there are 3 SAs...

But if argus does extract the SPI from the ESP packet,
is there any way to tell it to ignore it? I'm going
to log the packets on the internal side anyway, so I'll
know what's entering and leaving the tunnels...

Ho hum...
Ciaran

-- 
+---------------------------------------------------------+
Ciaran Deignan                              04 38 49 87 27

Netcelo SA - IPsec VPN Solutions    http://www.netcelo.com/
18-20 rue Henri Barbusse - BP 2501, 38035 Grenoble Cedex 2
+---------------------------------------------------------+
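
An added illustration, not part of the message above and not argus code: it parses the SPI from the ESP header and shows how one tunnel counts as two flows when the flow key includes the SPI, and as one when the SPI is ignored and the endpoints are matched in either direction. The function names, addresses and SPI values are constructed for the example.

```python
import socket
import struct
from collections import Counter

ESP_PROTO = 50  # IP protocol number for ESP

def build_esp_packet(src, dst, spi, seq, payload=b"\x00" * 16):
    """Construct a minimal IPv4+ESP packet (checksum left as 0; sample data only)."""
    esp = struct.pack("!II", spi, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64,
                     ESP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + esp

def parse_esp(packet):
    """Return (src, dst, spi, seq) for an IPv4 ESP packet, or None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != ESP_PROTO or len(packet) < ihl + 8:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return src, dst, spi, seq

def count_flows(packets, ignore_spi):
    """Count packets per flow key; with ignore_spi both directions share one key."""
    flows = Counter()
    for pkt in packets:
        parsed = parse_esp(pkt)
        if parsed is None:
            continue
        src, dst, spi, _seq = parsed
        if ignore_spi:
            key = tuple(sorted((src, dst), key=socket.inet_aton))
        else:
            key = (src, dst, spi)
        flows[key] += 1
    return flows

# Constructed sample: one tunnel between two gateways, a different SPI each way.
SAMPLE = [
    build_esp_packet("192.0.2.1", "198.51.100.7", 0x1A2B3C4D, 1),
    build_esp_packet("198.51.100.7", "192.0.2.1", 0x99887766, 1),
    build_esp_packet("192.0.2.1", "198.51.100.7", 0x1A2B3C4D, 2),
    build_esp_packet("198.51.100.7", "192.0.2.1", 0x99887766, 2),
]

if __name__ == "__main__":
    print(len(count_flows(SAMPLE, ignore_spi=False)), "flows keyed on SPI")
    print(len(count_flows(SAMPLE, ignore_spi=True)), "flow ignoring SPI")
```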


