Re: doi-07/interoperability questions
Eric L. Wong writes:
> Sounds to me you are suggesting the following changes to the arch spec
> in section 4.5 Case 1.
> ]
> ]     Transport                   Tunnel
> ] -----------------          ---------------------
> ] 1. [IP1][AH][upper]        4. [IP2][AH][IP1][upper]
> ] 2. [IP1][ESP][upper]       5. [IP2][ESP][IP1][upper]
> ] 3. [IP1][AH][ESP][upper]
> ]
>
>             Transport                          Tunnel
>         -----------------                ---------------------
>         1. [IP1][AH][upper]      (remove)4. [IP2][AH][IP1][upper]
> (remove)2. [IP1][ESP][upper]             5. [IP2][ESP][IP1][upper]
>         3. [IP1][AH][ESP][upper]    (add)6. [IP2][AH][ESP][IP1][upper]
>
> Is this correct?
Nope. All I'm suggesting is that we have a way to negotiate 5 followed
by 1 in ISAKMP. The net result being:
    [IP1][upper]
    [IP2][ESP][IP1][upper]
    [IP2][AH][ESP][IP1][upper]
I used to think that 6 was necessary, but was convinced this was not a
valid combination by Stephen Kent at the December IETF (AH is no longer
in tunnel mode). You can, however, emulate it using the 5+1
combination. This was what I was suggesting in the AH (transport) + ESP
(tunnel) proposal.
ben
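
Added example, not part of the original message: a small Python model of the "5 followed by 1" bundle discussed above, showing how SA ordering produces the header stack and the next-protocol chain a receiver would walk. The function names and the label-based packet model are assumptions made for this illustration, and IP1 is assumed to be IPv4.

```python
# Added illustration, not code from the thread. Function names and the
# label-based packet model are assumptions made for this example.

# IANA protocol numbers announced for the header that follows
# (4 = IPv4-in-IP; IP1 is assumed to be IPv4 here).
PROTO_NUM = {"IP": 4, "ESP": 50, "AH": 51}


def apply_sa(stack, proto, mode, outer_ip="IP2"):
    """Apply one SA to a packet given as header labels, outermost first."""
    if proto not in ("AH", "ESP"):
        raise ValueError("unknown IPsec protocol: %r" % proto)
    if not stack or not stack[0].startswith("IP"):
        raise ValueError("packet must start with an IP header")
    if mode == "transport":
        # Security header goes directly after the current outermost IP header.
        return [stack[0], proto] + stack[1:]
    if mode == "tunnel":
        # The whole packet becomes the payload of a new outer IP header.
        return [outer_ip, proto] + stack
    raise ValueError("unknown mode: %r" % mode)


def apply_bundle(stack, bundle):
    """Apply SAs in order; the first entry ends up innermost."""
    for proto, mode in bundle:
        stack = apply_sa(stack, proto, mode)
    return stack


def render(stack):
    return "".join("[%s]" % h for h in stack)


def next_protocol_chain(stack):
    """Protocol number each header announces for the one after it."""
    chain = []
    for following in stack[1:]:
        key = "IP" if following.startswith("IP") else following
        chain.append(PROTO_NUM.get(key))  # None: upper layer is unspecified
    return chain


if __name__ == "__main__":
    pkt = ["IP1", "upper"]
    five_then_one = apply_bundle(pkt, [("ESP", "tunnel"), ("AH", "transport")])
    print(render(five_then_one), next_protocol_chain(five_then_one))
    # Reversed order gives a different packet: AH ends up inside the tunnel.
    print(render(apply_bundle(pkt, [("AH", "transport"), ("ESP", "tunnel")])))
```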