What happens witheach packet

• On Input:

  • If IPSEC protected, apply the packet filter from the SA’s policy
  • If packet was not IPSEC protected, apply the default packet filter for the interface
  • Just drop packets that fail (or create new SA)

• On Output:

  • Apply the various SA output filters to try to find an SA to send the packet through
  • This is essentially just routing

Previous slide

Next slide

Back to first slide

View graphic version