
Re: Authentication using ESP in Transport Mode



As we all move closer to actually (gasp!) deploying working code this kind
of question seems interesting.  Hope I'm not belaboring an old point...

I wonder if you mean you want this:

1. Packets travel from a remote node to a node within (e.g.) a corporate internal
   network

 -and-

2. Packets are encrypted as they travel from remote node to tunnel endpoint at
   corporate Firewall

 -and-

3. Packets are also encrypted so the remote node and the other end node have a
   secure pathway.

So specifically do you mean you want to double encrypt packets at the remote
node, so that one layer of encryption is stripped at the tunnel endpoint and
the second layer of encryption is stripped at the other end node?


The packets would be:

   IPv4                           ...outer header as it travels the net
     AH                           ...is this needed?
       ESP                        ...for firewall/tunnel
         ESP                      ...for remote to internal node
           original TCP/UDP/etc.  ...real data.

If so, then I have a question:

I believe the architecture supports this fine.

Has anyone implemented this?

Has anyone done interoperability testing?

Are we really really sure any existing implementations correctly allow ESP
inside ESP?

This is an interoperability and operational question; as I understand it, the
technology is agreed upon and should work.

>From: Derrell Piper <piper@tgv.com>
>
>>Sorry if I don't understand, but could anyone give an example of a
>>configuration where you would see end-to-gateway-to-end use of tunnel
>>mode--i.e., what is at the other "end".
>
>Well, precisely that, really.  Some people want a private tunnel back to
>the corporate firewall _and_ an encrypted tunnel to the ultimate endnode.

               Rodney Thayer <rodney@sabletech.com>       +1 617 332 7292
               Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
               Fax: +1 617 332 7970           http://www.shore.net/~sable
                           "Developers of communications software"
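The double encapsulation sketched above (outer ESP for the remote-to-firewall tunnel, inner ESP for the remote-to-end-node path, next-header chain ESP -> ESP -> TCP) modelled as an added example; this is not code from the post or from any IPsec implementation. It assumes the RFC-style ESP layout of SPI, sequence number, encrypted payload plus trailer (pad length, next header) and a truncated ICV; the keys, SPIs and TCP segment are constructed, and the "encryption" is a constructed HMAC-based keystream standing in for the real ESP transform so the layering and the next-header handling at each hop stay visible.

```python
import hmac
import hashlib
import struct

# Protocol numbers as they appear in the IPv4 protocol field / ESP trailer next-header byte.
IPPROTO_TCP = 6
IPPROTO_ESP = 50
ICV_LEN = 12  # truncated authenticator, HMAC-96 style


def _keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Constructed stand-in for the ESP cipher: HMAC-SHA256 in counter mode keyed by SPI/seq."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def esp_encapsulate(key: bytes, spi: int, seq: int, next_header: int, payload: bytes) -> bytes:
    """Build SPI | seq | enc(payload | pad | pad_len | next_header) | ICV."""
    pad_len = (-(len(payload) + 2)) % 4          # align the trailer to 4 bytes
    plaintext = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, spi, seq, len(plaintext))))
    icv = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv


def esp_decapsulate(key: bytes, packet: bytes):
    """Verify the ICV, decrypt, strip the trailer; return (spi, seq, next_header, payload).
    Raises ValueError when the authenticator does not verify (wrong SA key or tampering)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", header)
    expected = hmac.new(key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP authentication failed for SPI 0x%x" % spi)
    plaintext = bytes(a ^ b for a, b in zip(body, _keystream(key, spi, seq, len(body))))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return spi, seq, next_header, plaintext[:-(pad_len + 2)]


# Constructed keys and SPIs for the two security associations in the post's picture.
K_REMOTE_FIREWALL = b"constructed-sa-remote-to-firewall"   # outer SA, stripped at the tunnel endpoint
K_REMOTE_ENDNODE = b"constructed-sa-remote-to-endnode"     # inner SA, stripped at the internal end node
SPI_OUTER, SPI_INNER = 0x1000, 0x2000
SAMPLE_TCP = b"\x04\xd2\x00\x50constructed TCP segment bytes"  # constructed sample payload


def remote_node_send(tcp_segment: bytes, seq: int = 1) -> bytes:
    """Remote node: inner ESP carries TCP, outer ESP carries the inner ESP (next header 50)."""
    inner = esp_encapsulate(K_REMOTE_ENDNODE, SPI_INNER, seq, IPPROTO_TCP, tcp_segment)
    return esp_encapsulate(K_REMOTE_FIREWALL, SPI_OUTER, seq, IPPROTO_ESP, inner)


def firewall_strip(outer_packet: bytes) -> tuple:
    """Tunnel endpoint: removes only the outer layer and learns from the next-header
    byte that what it forwards inward is itself ESP."""
    _spi, _seq, next_header, inner = esp_decapsulate(K_REMOTE_FIREWALL, outer_packet)
    return next_header, inner


def end_node_strip(inner_packet: bytes) -> tuple:
    """Internal end node: removes the inner layer and recovers the original TCP segment."""
    _spi, _seq, next_header, payload = esp_decapsulate(K_REMOTE_ENDNODE, inner_packet)
    return next_header, payload


def firewall_can_read_inner(inner_packet: bytes) -> bool:
    """The firewall holds only the outer SA's key, so the inner ESP does not verify for it."""
    try:
        esp_decapsulate(K_REMOTE_FIREWALL, inner_packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    wire = remote_node_send(SAMPLE_TCP)
    nh, inner = firewall_strip(wire)
    print("firewall sees next header", nh, "(50 = ESP); forwards", len(inner), "bytes")
    print("firewall can open the inner layer:", firewall_can_read_inner(inner))
    nh2, data = end_node_strip(inner)
    print("end node sees next header", nh2, "(6 = TCP); payload:", data)
```

The interoperability point in the post shows up in the two decapsulation steps: the tunnel endpoint must accept a next-header value of 50 from its own ESP trailer and forward the remaining bytes unchanged instead of treating them as a transport protocol, and the end node must be willing to process an ESP packet that arrived inside another SA it never saw.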


