
IPSEC SA scenario comment/question.

Given the Scenario H1 ---> SG1 ---> SG2, where H1 is communicating directly
with SG2 (e.g. remote administration of the SG2 firewall, from within a
protected domain).

In this case it is possible, according to the SA document, to have SG1 create
a tunnel of fragments to SG2. This implies that SG2 has to "double process"
the packets (i.e. process the tunnel between SG1 and SG2, queue fragments
for integration, process for any SAs between H1 and SG2).

Should this scenario be supported? It seems a useful scenario, especially
for an AH header from the host (authenticate the admin) and an ESP tunnel
in the Internet (hide the data from outsiders).

--
---------------------------------------------------------------
Gordon Oliver	(gordo@telsur.cl)	Independent Consultant
	... Available for consulting on Linux  ...
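A toy model of the scenario in the post, added here as an example and not part of the original message: H1 applies AH in transport mode toward SG2, SG1 wraps the whole AH packet in an ESP tunnel and fragments it, and SG2 must reassemble, strip the tunnel SA, and only then verify the host SA. The keys, addresses, HMAC-counter "cipher" and packet layout are constructed stand-ins, not the real AH/ESP wire formats.

```python
import hmac, hashlib

# Constructed keys and addresses for this toy model (hypothetical, not real IPsec)
AH_KEY = b"h1-sg2-ah-transport-key"   # SA 1: H1 <-> SG2, AH transport mode
ESP_KEY = b"sg1-sg2-esp-tunnel-key"   # SA 2: SG1 <-> SG2, ESP tunnel mode
H1, SG2 = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1])
MTU = 48                               # small so the tunnelled packet fragments

def mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def stream(hdr, n):
    """Toy keystream (HMAC counter) standing in for the ESP cipher."""
    return b"".join(mac(ESP_KEY, hdr, bytes([i])) for i in range(n // 32 + 1))

def h1_send(src, dst, payload):
    """H1: AH transport mode; the ICV covers the addresses and the payload."""
    return src + dst + mac(AH_KEY, src, dst, payload) + payload

def sg1_forward(inner, seq):
    """SG1: wrap the whole AH packet in an ESP tunnel, then fragment to MTU."""
    hdr = seq.to_bytes(4, "big")
    ct = bytes(a ^ b for a, b in zip(inner, stream(hdr, len(inner))))
    esp = hdr + ct + mac(ESP_KEY, hdr, ct)          # seq | ciphertext | ICV
    # fragment as (offset, more_fragments, chunk); deliver in reverse order
    frags = [(o, o + MTU < len(esp), esp[o:o + MTU]) for o in range(0, len(esp), MTU)]
    return frags[::-1]

def sg2_receive(frags, seq):
    """SG2 'double processes': reassemble, strip the ESP tunnel, then check AH."""
    frags = sorted(frags)                            # reassembly queue, by offset
    if frags[-1][1] or not all(more for _, more, _ in frags[:-1]):
        return None                                  # incomplete fragment set
    esp = b"".join(chunk for _, _, chunk in frags)
    hdr, ct, icv = esp[:4], esp[4:-32], esp[-32:]
    if hdr != seq.to_bytes(4, "big") or not hmac.compare_digest(icv, mac(ESP_KEY, hdr, ct)):
        return None                                  # tunnel SA: replay or bad ICV
    inner = bytes(a ^ b for a, b in zip(ct, stream(hdr, len(ct))))
    src, dst, ah_icv, payload = inner[:4], inner[4:8], inner[8:40], inner[40:]
    if dst != SG2 or not hmac.compare_digest(ah_icv, mac(AH_KEY, src, dst, payload)):
        return None                                  # host SA: AH check failed
    return src, payload

def demo(payload=b"admin: show-rules", tamper=False):
    frags = sg1_forward(h1_send(H1, SG2, payload), seq=1)
    if tamper:                                       # flip one byte in transit
        o, more, chunk = frags[0]
        frags[0] = (o, more, bytes([chunk[0] ^ 1]) + chunk[1:])
    return sg2_receive(frags, seq=1)
```

The tunnel check fails first on any in-transit modification, so the AH step at SG2 only ever runs on packets that SG1 genuinely sent.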