On Mon, Dec 07, 2009 at 06:59:13PM -0500, Paul Moore wrote: > > You could have PAD entries that set labels. We do that today in > > OpenSolaris. > > I apologize, but I'm not familiar with OpenSolaris's IPsec - do you use the > pad to assign labels when none are present (the fallback case) or do you > use it to limit the range of labels you will accept from a remote node? > Based on your comment I suspect it is at least the former, I just wanted to > clarify.
Both. IKE will reject a peer that proposes a label outside the scope of a PAD entry's preferences. Dan _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
