[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is tunnel IP address included in SA?



Hi,

Please let me ask some very primitive questions.

Let's suppose the following network:

      |                               |
 PC1 -+                               +- PC2
      |         (Internet)            |
      +-- R1 --- ......... --- R2 ----+
      |                               |

Assume that R1 and R2 can do IPsec while PC1 and PC2 can't. PC1 sends
an IP datagram to PC2. 

In this case, 

 (1) R1 has to have an SA associated with PC2, right?

 (2) Must AH and ESP be handled in tunnel mode?

 (3) How can one figure out the tunnel IP address for a paticular
     destination address? Is Tunnel IP address included in SA?

Any advise will be appreciated.

=====================================
Motonori Shindo
   Systems Engineer     
   Ascend Communications Japan K.K.   
   email: mshindo@ascend.co.jp
   TEL: +81-3-5325-7306 
=====================================


Follow-Ups: