
Re: AH (without ESP) on a secure gateway



Bill Sommerfeld writes:
> For simplicity, let's assume orgs A, B, and C, connected in a "full
> mesh" of leased lines (A-B, A-C, and B-C).  Assume filtering routers
> on each leased line, so that C can't impersonate B when communicating
> with A.  We now want to migrate to IPSEC without causing a flag day.
> 
> Let's start by replacing the leased line between C and A with a tunnel
> over an untrusted network protected with AH or ESP.
> 
> What stops C from tunnelling a packet to A with a source address on
> B's network?  You need a policy check that the packet emerging from
> the tunnel is from a source address which is allowed to use that
> particular tunnel..

Yes, that's indeed what we do.  Any encrypting gateway that didn't
would have a huge hole in it.  I assume we're not alone in
anticipating this.
-- 
Karl Fox, servant of God, employee of Ascend Communications
3518 Riverside Drive, Suite 101, Columbus, Ohio 43221   +1 614 326 6841
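
The policy check discussed in this exchange, sketched as an added example (not part of either message and not any vendor's gateway code): gateway A accepts a decapsulated packet only if its inner source address is permitted on the tunnel it arrived through. The tunnel names, documentation-range prefixes and helper functions are assumptions made for the illustration.

```python
import ipaddress
import struct

# Constructed addressing (documentation prefixes), not from the original thread.
ORG_B = ipaddress.ip_network("198.51.100.0/24")
ORG_C = ipaddress.ip_network("203.0.113.0/24")

# Per-tunnel policy at gateway A: which inner source prefixes each
# authenticated tunnel peer may originate. Tunnel names are hypothetical.
TUNNEL_POLICY = {
    "tunnel-to-C": [ORG_C],
    "tunnel-to-B": [ORG_B],
}

def inner_source(packet: bytes) -> ipaddress.IPv4Address:
    """Extract the source address from a decapsulated inner IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl = packet[0]
    if version_ihl >> 4 != 4 or (version_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])

def accept_from_tunnel(tunnel: str, packet: bytes) -> bool:
    """Accept only if the inner source is allowed on the tunnel it arrived on."""
    allowed = TUNNEL_POLICY.get(tunnel)
    if allowed is None:
        return False  # unknown tunnel: default deny
    try:
        src = inner_source(packet)
    except ValueError:
        return False  # malformed inner packet: drop
    return any(src in net for net in allowed)

def make_ipv4(src: str, dst: str) -> bytes:
    """Build a minimal constructed IPv4 header (checksum left zero) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    honest = make_ipv4("203.0.113.10", "192.0.2.5")
    spoofed = make_ipv4("198.51.100.10", "192.0.2.5")  # B's address arriving via C's tunnel
    print(accept_from_tunnel("tunnel-to-C", honest))
    print(accept_from_tunnel("tunnel-to-C", spoofed))
```

The check runs after AH/ESP processing has identified which tunnel the packet belongs to, so the authenticated peer identity, not the claimed inner address, selects the policy entry.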


