Q

Understanding IPsec SA relationship to multiple sessions

Dear Mr. Tuomenoksa,
I am trying to understand IPsec SA relationship to multiple sessions. Could you please answer the question pertaining to the following scenario:

A PC client with its tunnel terminated on VPN device has multiple sessions (Windows open - http, ftp) running. The PC client is configured with only one policy (all traffic is tunneled via ESP tunnel using MD5-3DES).

How many outgoing SAs will I see in the SAD on the VPN device? Only one SA or multiple SA's representing each session?
Thanks in Advance,
Mathew
Hi Mathew,
The single IPSec SA that you use to create your ESP tunnel will support all the other traffic (TCP sessions, etc.). You don't need an SA for each logical connection through the tunnel. You do however need an SA for each gateway-to-gateway connection and each client-to-gateway connection.
Best,
Mark

This was first published in January 2003

Dig deeper on IP Networking

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close