[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPsec Architecture -- proposed changes



In message <3.0.3.32.19971007134756.032a619c@ranier.altavista-software.com>, Matt Thomas writes:
> No!  If the de-encapsulator is the destination of the tunnelled packet
> then he is not forwarding it and therefore should not be decrementing the
> TTL.  Only if he would forward the packet on must he decrement the TTL.

Agreed. RFC2003 covers this, which is why I referenced it. I won't re-quote
it here.  Encapsulation and forwarding *are* treated separately WRT TTL
processing; the net result is what you would expect if the tunnel were
simply a layer 2 connection between the tunnel endpoints.


References: