[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bridging non-IP traffic over IPSec
John,
>Well, in the case where one is running IPX over PPP over L2TP over ESP
>over IP, the endpoint of the IP traffic is the security gateway at
>each end. Well, this presumes that the security gateway is also going
>to rip all the headers off up to the IPX level, and be an IPX router
>on the internal networks. So, it is the ultimate endpoint of the _IP_
>traffic.
Agreed. In that case, if the IP headers are stripped by the gateway, I
have no objection to use of transport mode.
>So, by the semantics, we are OK using ESP transport mode.
>
>Of course, the fact that the the security gateway is not the ultimate
>endpoint of the IPX traffic might be viewed as violating the spirit of
>RFC 2401.
But IPsec deals only with IP traffic, so the IPX destination is outside the
scope of what we would know/care about.
Steve
References: