Re: AH (without ESP) on a secure gateway



Pau-Chen wrote:
> I have a question triggered by the discussion :
> 
>   If two firewalls (gateways), IDii and IDir, did a successful ISAKMP
>   phase-II proxy negotiation for IDui and IDur. Then, which one is the
>   right usage of the SA resulting from the negotiation :
> 
>   1. The SA is shared between IDii and IDir (the gateways), and IDii
>      and IDir are performing IPSEC protection on traffic between IDui
>      and IDur. In this case, IDui and IDur are unaware of the IPSEC
>      protection.
> 
>   2. The SA is shared between IDui and IDur and IDui and IDur perform
>      IPSEC by themselves. IDii and IDir (the gateways) become more or less
>      (IPSEC) transparent.

Number one is the correct usage. 

  Dan.