[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IBM VPN Bakeoff Issues



> If your saying 'IKE proposal ordering should have no 
> signficance', I agree.

I think it should have significance.

> I think it would also make sense to say that all 'AND' 
> proposals are the same mode (tunnel or transport)
> and MUST be adjacent and in performed on the data in the 
> 'right' order (IPCOMP,ESP,AH)
> and appear in the packet in that order (building outwards).
> 
> Of the AH+ESP test we did last week, I had no problems with 
> AH+ESP in transport mode, but 
> our interpretation of AH-tunnel AND ESP-tunnel was different 
> from another vendors. We thought it
> should be 'IP AH ESP IP upper', and they thought it should be 
> 'IP AH IP ESP IP upper'.

I agree with "they". If you want to specify "IP AH ESP IP upper", then ask
for AH-transport AND ESP-tunnel.

Rich


Follow-Ups: