
Re: Network Management with IP Sec



John,

Yes, this issue has been raised in the past. The answer is that visibility
into the packet beyond the IP header, e.g., TCP and UDP headers, will be
lost if one sniffs packets after ESP has been applied. This is considered
essential in many instances and represents a clean layering approach to
security.  Application of AH does not prevent examination of those headers,
but monitoring equipment will have to be programmed to look past the AH
header, just as it must be able to work its way through various other
header combinations.

With either security protocol, the original IP header is maintained in
transport mode. In tunnel mode the original IP header also is concealed by
ESP, but available (though buried) with AH.  In many instances IPsec will
be applied at a firewall, so net management sniffing behind the firewall
will still permit full access to packets.

Steve
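The header-walking that the reply says monitoring equipment must be programmed to do, as an added example (not part of the original message): a small Python sniffer-side parser that steps past an AH header (RFC 2402 layout, assumed: next header, payload length in 32-bit words minus 2, reserved, SPI, sequence number, ICV), follows an inner IP header in tunnel mode, and stops at ESP because the next-header byte there lives in the encrypted trailer. The packet builders and port numbers are constructed sample data.

```python
import struct

AH, ESP, IPIP, TCP, UDP = 51, 50, 4, 6, 17

def ipv4(proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal IPv4 header (no options, checksum left zero) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def ah(next_hdr, payload, spi=0x100, seq=1, icv=b"\xab" * 12):
    """AH header; payload length field is in 32-bit words minus 2 (RFC 2402)."""
    plen = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, plen, 0, spi, seq) + icv + payload

def esp(ciphertext, spi=0x200, seq=1):
    """ESP: only SPI and sequence number are cleartext; next header is in the trailer."""
    return struct.pack("!II", spi, seq) + ciphertext

def tcp(sport, dport):
    """First 4 bytes of a TCP/UDP header are the ports; rest padded (constructed)."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16

def walk(pkt):
    """Walk the header chain as a sniffer must; stop where ESP hides the rest."""
    chain, off = ["IPv4"], (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    while True:
        if proto == AH:
            nxt, plen = pkt[off], pkt[off + 1]
            chain.append("AH")
            off += (plen + 2) * 4          # skip fixed fields plus ICV
            proto = nxt
        elif proto == ESP:
            chain.append("ESP(opaque)")    # nothing past here is visible without the key
            return chain
        elif proto == IPIP:
            chain.append("IPv4(inner)")    # tunnel mode: the buried original IP header
            proto = pkt[off + 9]
            off += (pkt[off] & 0x0F) * 4
        elif proto in (TCP, UDP):
            sport, dport = struct.unpack_from("!HH", pkt, off)
            chain.append(f"{'TCP' if proto == TCP else 'UDP'} {sport}->{dport}")
            return chain
        else:
            chain.append(f"proto {proto}")
            return chain
```

Running `walk` over an AH transport packet, an AH tunnel packet and an ESP packet shows the three cases in the reply: ports visible, ports and inner addresses visible after two extra headers, and nothing visible past the ESP SPI.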