What happens whenSA is created

• Everyone runs IKE, which might be governed by a local policy written in KeyNote

  • IKE hack passes up credentials (X.509/KeyNote)

• IKE daemon (isakmpd) re-writes the proposed packet filter, peer identity, addresses, etc, as a KeyNote action and queries local KeyNote compliance checker

• If KeyNote says OK, SA is created with the given filter

Previous slide

Next slide

Back to first slide

View graphic version