Q

Understanding IPsec SA relationship to multiple sessions

Dear Mr. Tuomenoksa, I am trying to understand IPsec SA relationship to multiple sessions. Could you please answer the question pertaining to the following scenario:

A PC client with its tunnel terminated on VPN device has multiple sessions (Windows open - http, ftp) running. The PC client is configured with only one policy (all traffic is tunneled via ESP tunnel using MD5-3DES).

How many outgoing SAs will I see in the SAD on the VPN device? Only one SA or multiple SAs representing each session?

Thanks in Advance,
Mathew

Hi Mathew,
The single IPSec SA that you use to create your ESP tunnel will support all the other traffic (TCP sessions, etc.). You don't need an SA for each logical connection through the tunnel. You do, however, need an SA for each gateway-to-gateway connection and each client-to-gateway connection.
Best,
Mark

This was last published in January 2003
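
The lookup behind the answer above, as an added example that is not part of the original Q&A: a simplified model of outbound processing on the VPN device, where each packet is matched against the policy database (SPD) and the SA database (SAD) is keyed by policy and peer, so the protocol and ports of a session never create a new entry. The class names, addresses and SPI values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Policy:
    """One SPD entry on the VPN device (simplified, hypothetical model)."""
    name: str
    selector: str   # inner destination addresses covered, as CIDR
    peer: str       # outer address of the tunnel peer (client or gateway)

class VpnDevice:
    """Toy outbound SPD/SAD: SAs are keyed by policy and peer, not by session."""
    def __init__(self, spd):
        self.spd = spd
        self.sad = {}               # (policy name, peer) -> SPI
        self._spi = count(0x1000)   # constructed SPI values

    def send(self, dst_ip, proto, sport, dport):
        # Ordered SPD lookup; proto and ports identify the session but
        # are not part of the selector in an "all traffic" policy.
        for p in self.spd:
            if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(p.selector):
                key = (p.name, p.peer)
                if key not in self.sad:      # IKE would negotiate the SA here
                    self.sad[key] = next(self._spi)
                return self.sad[key]
        raise LookupError("no matching policy, packet dropped")

def outbound_spis(spd, flows):
    """Return (SPI used by each flow, number of outbound SAs in the SAD)."""
    dev = VpnDevice(spd)
    spis = [dev.send(*f) for f in flows]
    return spis, len(dev.sad)

# Constructed sample data (documentation address ranges)
SPD = [Policy("client-a", "10.9.0.1/32", "198.51.100.10"),
       Policy("client-b", "10.9.0.2/32", "198.51.100.20")]
CLIENT_A_FLOWS = [("10.9.0.1", "tcp", 80, 49152),   # HTTP reply traffic
                  ("10.9.0.1", "tcp", 80, 49153),   # second browser window
                  ("10.9.0.1", "tcp", 21, 49154)]   # FTP control
CLIENT_B_FLOWS = [("10.9.0.2", "tcp", 80, 50000)]

if __name__ == "__main__":
    print(outbound_spis(SPD, CLIENT_A_FLOWS))
    print(outbound_spis(SPD, CLIENT_A_FLOWS + CLIENT_B_FLOWS))
```

Three sessions to one client share a single outbound SA; a second client adds a second SA.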
