> Thanks,
> -Amjad
>
> -Original Message-
> From: Murthy N Srinivas-B22237 [mailto:b22...@freescale.com]
> Sent: Thursday, November 12, 2009 6:35 PM
> To: Amjad Inamdar (amjads); Tero Kivinen; Yoav Nir
> Cc: ipsec@ietf.org
> Subject: RE: [IPsec] Clarification o
@cisco.com]
Sent: Friday, November 13, 2009 12:31 PM
To: Murthy N Srinivas-B22237; Tero Kivinen; Yoav Nir
Cc: ipsec@ietf.org
Subject: RE: [IPsec] Clarification on identities involved in
IKEv2EAPauthentication
Hi Murthy,
IKEv2 gatway even when acting as a pass-through would need the
authent
Nir
Cc: ipsec@ietf.org
Subject: RE: [IPsec] Clarification on identities involved in
IKEv2EAPauthentication
Amjad,
If the Authenticator includes the AAA server implementation,it should no
the EAP identity to enforce policies.If AAA server is separate,we can
add an attribute to AAA server for this
[mailto:ipsec-boun...@ietf.org] On Behalf
Of Tero Kivinen
Sent: Thursday, November 12, 2009 5:01 AM
To: Yoav Nir
Cc: ipsec@ietf.org; Amjad Inamdar (amjads)
Subject: Re: [IPsec] Clarification on identities involved in
IKEv2EAPauthentication
Yoav Nir writes:
> Since the gateway acts as a pass-through,
Kivinen
Sent: Thursday, November 12, 2009 5:01 AM
To: Yoav Nir
Cc: ipsec@ietf.org; Amjad Inamdar (amjads)
Subject: Re: [IPsec] Clarification on identities involved in
IKEv2EAPauthentication
Yoav Nir writes:
> Since the gateway acts as a pass-through, the requirement here is more
> for the
] On Behalf
Of Tero Kivinen
Sent: Thursday, November 12, 2009 5:01 AM
To: Yoav Nir
Cc: ipsec@ietf.org; Amjad Inamdar (amjads)
Subject: Re: [IPsec] Clarification on identities involved in
IKEv2EAPauthentication
Yoav Nir writes:
> Since the gateway acts as a pass-through, the requirement here is m
On Nov 12, 2009, at 5:34 AM, Raj Singh wrote:
> The selection of AAA server will be based on IDi then EAP will happen.
> The gateway will get EAP authenticated ID from the AAA server.
> If EAP identity is different from IDi and no policy is found for EAP identity.
> The gateway should initiate de
The selection of AAA server will be based on IDi then EAP will happen.
The gateway will get EAP authenticated ID from the AAA server.
If EAP identity is different from IDi and no policy is found for EAP
identity.
The gateway should initiate deletion of the SA.
Also, if policy is found based on EAP
Yoav Nir writes:
> Since the gateway acts as a pass-through, the requirement here is
> more for the client, which is typically more integrated. The client
> should be prepared to give an identity hint both in IKE and later in
> the EAP session.
And in that case the identities should really be same
November 11, 2009 7:23 PM
> To: Srinivasu S R S Dhulipala (srinid)
> Cc: Amjad Inamdar (amjads); ipsec@ietf.org
> Subject: Re: [IPsec] Clarification on identities involved in
> IKEv2EAPauthentication
>
>
> On Nov 11, 2009, at 3:39 PM, Srinivasu S R S Dhulipala (srinid) wrote:
>
Hi Yoav,
Thanks for the quick response. Please see inline.
-Original Message-
From: Yoav Nir [mailto:y...@checkpoint.com]
Sent: Wednesday, November 11, 2009 7:23 PM
To: Srinivasu S R S Dhulipala (srinid)
Cc: Amjad Inamdar (amjads); ipsec@ietf.org
Subject: Re: [IPsec] Clarification on
11 matches
Mail list logo
