Hello. Here is a description of what i'm looking for: Usually, a VPN has a number of selectors by which an administrator can determine the granularity of applying security associations. For instance, assume that the only possible selectors are IP source address and IP destination address. In this case the administrator is able to choose different security associations (that is, all the cryptographic algorithms and keys used in IPSec) for each address, but can't provide different security associations for different services (mail, ftp etc.). If source port and destination port are also possible selectors then a different security association can be negotiated for each port. However, some services (ftp, H323 etc.) use ports that are not initially known, but are agreed upon dynamically during the actual communication phase. Most VPN configurations don't allow creation of a separate security association for such services. Some VPN products (Checkpoit for example) do allow this dynamic property. I'd like to know how common such a "dynamic VPN" configuration is. Please send it directly to my e-mail because this subject is not the main issue in this newsgroup. Thanks, Naor. ================================================ Lipa Naor Quality Assurance Manager Packet Technologies Ltd. ================================================ 6 Hamachtesh st. Industry Area, Holon 58810 Israel Tel +972-3-558-7001 Ext.339 Fax +972-3-558-7003 Email [EMAIL PROTECTED] Web http://www.packet-technologies.com ================================================ - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
