|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Relation between iSCSI session and IPSec SAsHi, I have a question regarding the relation between iSCSI session and the IPsec SAs. From the minutes of Minneapolis: "...a single IPSec Phase 2 SA per TCP connection ...had no security value." I agree and like to extend this: "...a single IKE negotiation per multiple iSCSI session (between the same IP addresses of initiator and target) ...had no security value." I found a similar statement in the mailing list from February but no discussion about this issue: "If an implementor wants to put all their iSCSI sessions on the same IPSec SA, I think they should have that liberty." So the question is, what is the situation? Must we negotiate per multiple session (and evaluate packets additional for a session identifier) or must we not? Thank you for the answer. Christina Helbig Sr. Security System Analyst Zyfer cbh@zyfer.com tel: 714 780 7618 fax:714 780 7649
Home Last updated: Tue Apr 30 15:18:26 2002 9894 messages in chronological order |