Selectors

• Maps SA with security policy in SPD

• Extracted from network and transport layer headers

• Source Address: can be a wild card, a range of addresses, a network prefix or a specific host

• Destination Address: can be a wild card, a range of addresses, a network or a specific host

• Name: identify a policy tied to a valid user or system; used during IKE negotiation, not during packet processing

• Protocol: specifies transport protocol whenever it is accessible.

• Upper Layer Ports: the upper layer ports represent the src and dst ports to which the policy is applicable

Previous slide

Next slide

Back to first slide

View graphic version