Re: Is tunnel IP address included in SA?
Motonori,
>Please let me ask some very primitive questions.
>
>Let's suppose the following network:
>
>      |                               |
> PC1 -+                               +- PC2
>      |          (Internet)           |
>      +-- R1 --- ......... --- R2 ----+
>      |                               |
>
>Assume that R1 and R2 can do IPsec while PC1 and PC2 can't. PC1 sends
>an IP datagram to PC2.
>
>In this case,
>
> (1) R1 has to have an SA associated with PC2, right?
There has to be an SA from R1 to R2 over which traffic from PC1 to PC2 can
be carried.
> (2) Must AH and ESP be handled in tunnel mode?
Yes, all SAs involving a gateway must be tunnel mode SAs.
> (3) How can one figure out the tunnel IP address for a particular
> destination address? Is Tunnel IP address included in SA?
Good question! We require manual configuration initially, and defer
automated forms of discovery for R2 to a later document.
Steve