[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPCOMP and IPSEC



  Stephen,

> Is IPCOMP restricted for use by Hosts (at packet origin), or can it be
> appended by a Security Gateway as part of the process of adding an IPSEC
> tunnel header?

Sure, it can be done in a Security Gateway.

> e.g.
> 
> Original host packet [IP1][TCP][data]
> 
> After passing through a security gateway/IP tunnel:
> 
> [IP2][ESP][IPCOMP][IP1][TCP][data][padding/next protocol][ESP auth]
> 
> If this is supported, is it detailed anywhere?  For example, if an
> Explicit IV is used, would it come after the ESP header or after the
> IPCOMP header?

It would have to come after the ESP header. Since the next header field
is encrypted the recipient would have no idea yet that IPCOMP has been
added and not know to skip over that field. 

Anybody out there want to test IPSec and IPCOMP together? Send me an
email.

  Dan.



Follow-Ups: References: