[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AH (without ESP) on a secure gateway

To: ipsec@tis.com
Subject: Re: AH (without ESP) on a secure gateway
From: pau@watson.ibm.com
Date: Wed, 27 Nov 1996 15:53:29 -0500
Cc: isakmp-oakley@cisco.com
Sender: owner-ipsec@ex.tis.com

I have a question triggered by the discussion :

  If two firewalls (gateways), IDii and IDir, did a successful ISAKMP
  phase-II proxy negotiation for IDui and IDur. Then, which one is the
  right usage of the SA resulting from the negotiation :
  
  
  1. The SA is shared between IDii and IDir (the gateways), and IDii
     IDir are performing IPSEC protection on traffic between IDui and
     IDur. In this case, IDui and IDur are unware of the IPSEC protection.
     
     
  2. The SA is shared between IDui and IDur and IDui and IDur perform IPSEC
     by themselves. IDii and IDir (the gateways) become more or less (IPSEC)
     transparent.
     
     
     



Pau-Chen

Prev by Date: ISAKMP & IPSEC DOI Drafts - Notify Payload - Certificate Authorities
Next by Date: Certificate Request Payload
Prev by thread: Re: AH (without ESP) on a secure gateway
Next by thread: I-D ACTION:draft-ietf-ipsec-isakmp-06.txt, .ps
Index(es):
- Main
- Thread