[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IBM VPN Bakeoff Issues

To: "'Stephen Waters'" <Stephen.Waters@digital.com>, Tim Jenkins <tjenkins@TimeStep.com>
Subject: RE: IBM VPN Bakeoff Issues
From: Richard Draves <richdr@microsoft.com>
Date: Thu, 5 Nov 1998 10:24:49 -0800
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

> Yes, a point that was not raised at the workshop.  We did a 
> test with AH+ESP
> in tunnel mode. We took this to mean AH+ESP adjacent with a 
> shared tunnel
> header.  The other vendor took this to mean 
> IP1+AH+IP2+ESP+IP3.  There was
> some agreement that a proposal that offered AH-tunnel AND 
> ESP-tunnel should
> mean a shared tunnel-header, but maybe we need more text somewhere.

Maybe I'm not understanding this. Looking at the four possible combinations,
this is my understanding of how transport & tunnel mode combine:

AH-transport + ESP-transport:
	IP1 AH ESP transport
AH-transport + ESP-tunnel:
	IP1 AH ESP IP2 transport
AH-tunnel + ESP-transport:
	IP1 AH IP2 ESP transport
AH-tunnel + ESP-tunnel:
	IP1 AH IP2 ESP IP3 transport

Rich

Prev by Date: RE: IBM VPN Bakeoff Issues
Next by Date: RE: IBM VPN Bakeoff Issues
Prev by thread: RE: IBM VPN Bakeoff Issues
Next by thread: RE: IBM VPN Bakeoff Issues
Index(es):
- Main
- Thread