RE: VPN connection + tunnels

From: Mark Lewis (markl11@hotmail.com)
Date: Tue Jun 08 2004 - 20:02:48 GMT-3


No, not always.

Just to take IPSec as an example-

In IPsec, it is possible to set up multiple pairs of IPSec SAs between tunnel
endpoints for the purpose of carrying different traffic types (you can do
this by configuring multiple sets of traffic selectors [multiple lines in
your crypto access lists]). This can be useful for preventing anti-replay
traffic drops in an IPSec VPN where QoS is supported in the backbone network
between the IPSec peers. Actually, this is usually not required even with
QoS in the backbone, but it is doable.

IKEv2 actually allows the negotiation of IPSec SAs with *identical* traffic
selectors between IPSec peers (something not allowed by IKEv1), each of
which can support, for example, a separate level of QoS.

Hope that helps,

Mark

>From: Tiff <cciesg@yahoo.com>
>Reply-To: Tiff <cciesg@yahoo.com>
>To: ccielab@groupstudy.com, nobody@groupstudy.com
>Subject: VPN connection + tunnels
>Date: Tue, 8 Jun 2004 12:53:57 -0700 (PDT)
>
>Hello all,
>
>I hope you can help me on this. For every VPN connection, there is only 1
>tunnel - is this statement correct?
>
>thanks
>
>Tiff
>



This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:36 GMT-3
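
The anti-replay point in the reply above can be seen in a small simulation. This is an added example, not part of the original thread: it models the receiver's sliding replay window and compares one shared SA with one SA per traffic class when the backbone delays bulk traffic behind voice. The 64-packet window, the fixed per-class delays, the class names and all function names are assumptions made for the illustration.

```python
WINDOW = 64  # assumed anti-replay window size, in packets

class ReplayWindow:
    """Receiver-side sliding window, kept separately for each inbound SA."""
    def __init__(self, size=WINDOW):
        self.size, self.top, self.seen = size, 0, set()

    def accept(self, seq):
        if seq + self.size <= self.top:   # left of the window: too old
            return False
        if seq in self.seen:              # already received: replay
            return False
        self.seen.add(seq)
        if seq > self.top:                # slide the window forward
            self.top = seq
            self.seen = {s for s in self.seen if s + self.size > self.top}
        return True

def make_traffic(n):
    # Constructed sample: packet i is sent at tick i; every 4th is bulk data.
    return [("bulk" if i % 4 == 0 else "voice", i) for i in range(n)]

def simulate(per_class_sas, n=400, delay=None):
    """Return anti-replay drops per class for one shared SA or one SA per class."""
    # Backbone QoS modelled as a fixed queuing delay per class (assumption).
    delay = delay or {"voice": 1, "bulk": 200}
    counters, packets = {}, []
    for cls, sent in make_traffic(n):
        sa = cls if per_class_sas else "single"  # SA chosen by traffic selector
        counters[sa] = counters.get(sa, 0) + 1   # sender's per-SA sequence number
        packets.append({"cls": cls, "sa": sa, "seq": counters[sa],
                        "arrives": sent + delay[cls]})
    windows, drops = {}, {"voice": 0, "bulk": 0}
    for p in sorted(packets, key=lambda p: p["arrives"]):  # order seen by receiver
        if not windows.setdefault(p["sa"], ReplayWindow()).accept(p["seq"]):
            drops[p["cls"]] += 1
    return drops

if __name__ == "__main__":
    print("one SA for all traffic:", simulate(per_class_sas=False))
    print("one SA per class:      ", simulate(per_class_sas=True))
```

With a shared SA the delayed bulk packets arrive with sequence numbers already behind the window and are discarded as if they were replays; with a separate SA per class each window only sees packets that stayed in order.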