AH (without ESP) on a secure gateway
Last month there was a question regarding ESP and AH on a secure
gateway as in the following model.

          secure         (untrusted)         secure
hostA    gatewayA---------------------------gatewayB    hostB
  |         |                                   |         |
  -----------                                   -----------
(trusted subnet)                             (trusted subnet)

My question is whether AH on a secure gateway even makes sense at all
if ESP is not being performed.
Consider hostA sending a packet to hostB. If gatewayA places an AH on
the packet, it would appear as if it was authenticated by hostA, not a
good idea in my mind.
How do other secure gateway implementations handle this situation?
Bill Whelan