Hello.
Here is a description of what i'm looking for:
Usually, a VPN has a number of selectors by which an administrator can

determine the granularity of applying security associations. For instance,
assume that the only possible

selectors are IP source address and IP destination address. In this case the
administrator is able to

choose different security associations (that is, all the cryptographic
algorithms and keys used in IPSec) for each address,

but can't provide different security associations for different services
(mail, ftp etc.). If source port and

destination port are also possible selectors then a different security
association can be negotiated for

each port.

However, some services (ftp, H323 etc.) use ports that are not initially
known, but are agreed upon dynamically

during the actual communication phase. Most VPN configurations don't allow
creation of a

separate security association for such services. Some VPN products
(Checkpoit for example) do allow

this dynamic property.

I'd like to know how common such a "dynamic VPN" configuration is.

Please send it directly to my e-mail because this subject is not the main
issue in this newsgroup.

Thanks, Naor.

================================================
Lipa Naor
Quality Assurance Manager
Packet Technologies Ltd.
================================================
6 Hamachtesh st. Industry Area, Holon 58810 Israel
Tel        +972-3-558-7001 Ext.339
Fax       +972-3-558-7003
Email    [EMAIL PROTECTED]
Web     http://www.packet-technologies.com
================================================


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to