> > Programming interfaces to the SADB (like PF_KEY) or manual-keying programs > (like setkey(8) on BSD or ipseckey(1M) on OpenSolaris) might be able to allow > a manually-keyed SA with replay protection, but without the above operational > restrictions, things would break down quickly. This is why most manual key > programs do not enable replay protection on an SA by default. > > Hope this helps,
It does. Thank You! Sriram > Dan > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
