[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IBM VPN Bakeoff Issues

To: "'Daniel Harkins'" <dharkins@cisco.com>, "Scott G. Kelly" <skelly@redcreek.com>
Subject: RE: IBM VPN Bakeoff Issues
From: Richard Draves <richdr@microsoft.com>
Date: Fri, 6 Nov 1998 17:38:24 -0800
Cc: Stephen Waters <Stephen.Waters@digital.com>, ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

> > If the discussion is really going along this line, then it has gone
> > wrong. AH transport wrapped around an ESP tunnel looks like this:
> > 
> > [IP2][AH][ESP][IP1][DATA][TLR]
> > 
> > Clearly, the AH and ESP headers are adjacent, yet the modes are
> > different, and should be declared as such in the proposal.
> 
> You mean proposal_s_.
> 
> Proposing AH&ESP to protect tunneled traffic between 2 hosts 
> is different than proposing ESP to protect tunneled traffic
> between 2 hosts (STOP, seperate negotiation) and then proposing AH to
> protect ESP traffic in transport mode between the 2 gateways.

Suppose someone in the future, for some reason we don't understand now,
wants to use AH transport wrapped around ESP tunnel, directly between two
hosts? Could this be negotiated with one proposal asking for AH-transport +
ESP-tunnel?

Rich

Follow-Ups:

Re: IBM VPN Bakeoff Issues

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: IBM VPN Bakeoff Issues
Next by Date: Re: IBM VPN Bakeoff Issues
Prev by thread: Re: IBM VPN Bakeoff Issues
Next by thread: Re: IBM VPN Bakeoff Issues
Index(es):
- Main
- Thread