Re: order/nesting of IPsec headers (transport mode)

[Ne <sakane@crd.yokogawa.co.jp>]

Hi there.
I have some question from the draft-ietf-ipsec-arch-sec-01.txt
which e-mailed on 30 July.

When we apply the IPSEC to the following packet,

  [IP1][upper]

There are all pattern of SA in following, which are indicated by
the draft-ietf-ipsec-arch-sec-01.txt e-mailed on 30 July,

  Only transport mode
  [IP1][AH][upper]
  [IP1][ESP][upper]

  Only tunnel mode
  [IP2][AH][IP1][upper]
  [IP2][ESP][IP1][upper]

  Combined transport mode of AH and ESP, "Transport adjacency"
  [IP1][AH][ESP][upper]

  Combined tunnel mode of ESP and AH, "Iterated tunneling"
  [IPn][AH or ESP][IPn-1][AH or ESP][...][IP2][AH or ESP][IP1][upper]

  Combined transport mode of AH or ESP, and "Iterated tunneling"
  [IPn][AH or ESP][IPn-1][AH or ESP][...][IP2][AH or ESP][IP1][AH or ESP][upper]

  Combined "Transport adjacency" and "Iterated tunneling"
  [IPn][AH or ESP][IPn-1][AH or ESP][...][IP2][AH or ESP][IP1][AH][ESP][XPORT]

Is that all ?

The next, Is there a pattern of bundle SA as following, ?

  [IP2][AH][ESP][IP1][upper]

    * [upper] is the upper layer protocol

If certainly, is that constructed two tunnel mode of both AH and ESP
that are terminated at same destination ?

Regards.

P.S. Thank you for your help and sorry for my bad english
==========================================================
 Shoichi Sakane                  TEL   : +81-0423-33-6209
 E-Mail: sakane@cct.dcl.co.jp    FAX   : +81-0423-52-6102
 Information & Communication Technology Center
 Yokogawa Digital Computer Corporation, Tokyo, JAPAN

---

• Prev by Date: Re: IPSEC and NAT
• Next by Date: Is tunnel IP address included in SA?
• Prev by thread: Re: order/nesting of IPsec headers (transport mode)
• Next by thread: Re: order/nesting of IPsec headers (transport mode)
• Index(es):
  • Main
  • Thread