
Re: Bridging non-IP traffic over IPSec



Well, in the case where one is running IPX over PPP over L2TP over ESP
over IP, the endpoint of the IP traffic is the security gateway at
each end.  Well, this presumes that the security gateway is also going
to rip all the headers off up to the IPX level, and be an IPX router
on the internal networks.  So, it is the ultimate endpoint of the _IP_
traffic.

So, by the semantics, we are OK using ESP transport mode.

Of course, the fact that the security gateway is not the ultimate
endpoint of the IPX traffic might be viewed as violating the spirit of
RFC 2401.

Of course, since Microsoft doesn't have MTU problems in their stack of
IPX over PPP over PPTP (or even L2TP) over IP over ESP over IP, they
can contently use tunnel or transport mode.  IPX's MTU problems don't
show when the endpoint of the connection has restricted MTU.


