[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: some issues about IPSec



Bronislav Kavsan wrote:
> 
<snip> 
> You can do end-user to end-usr in tunnel mode - therefore I don't buy this
> argument.
> 
<snip again...> 
> I don't buy this argument either - there is no need for double-encapsulation -
> just establish end-to-end tunnel.

By definition, tunnel mode requires encapsulation. If you are doing
end-user to end-user in tunnel mode, this is inefficient because you are
wrapping an extra ip header around the packet which supplies no new
information.


References: