Security Association Parameters

comma42

Source: IBM Knowledge Center

The range of SPI is 256 to 16383. The default is 0. I am afraid SPI itself is not sufficient to uniquely identify a SA. That’s why a SA is uniquely identified by the three items:

  • Security Parameter Index (SPI)
  • Security Protocol (AH or ESP)
  • Destination IP Address

It’s similar to the concept of a composite key in the relational database.

Thank you, Chaudhary, to supplement the details:

References

Leave a Reply