[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AH (without ESP) on a secure gateway
Bill Sommerfeld writes:
> For simplicity, let's assume orgs A, B, and C, connected in a "full
> mesh" of leased lines (A-B, A-C, and B-C). Assume filtering routers
> on each leased line, so that C can't impersonate B when communicating
> with A. We now want to migrate to IPSEC without causing a flag day.
>
> Let's start by replacing the leased line between C and A with a tunnel
> over an untrusted network protected with AH or ESP.
>
> What stops C from tunnelling a packet to A with a source address on
> B's network? You need a policy check that the packet emerging from
> the tunnel is from a source address which is allowed to use that
> particular tunnel..
Yes, that's indeed what we do. Any encrypting gateway that didn't
would have a huge hole in it. I assume we're not alone in
anticipating this.
--
Karl Fox, servant of God, employee of Ascend Communications
3518 Riverside Drive, Suite 101, Columbus, Ohio 43221 +1 614 326 6841
References: