[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bridging non-IP traffic over IPSec

To: John Shriver <jas@shiva.com>
Subject: Re: Bridging non-IP traffic over IPSec
From: Stephen Kent <kent@bbn.com>
Date: Mon, 22 Feb 1999 11:23:51 -0500
Cc: ipsec@tis.com
In-Reply-To: <199902212234.RAA26683@brill.shiva.com>
References: <v04011718b2f380f44ee7@[128.33.238.58]> (message from StephenKent on Sun, 21 Feb 1999 14:07:42 -0500)
Sender: owner-ipsec@ex.tis.com

John,

>Well, in the case where one is running IPX over PPP over L2TP over ESP
>over IP, the endpoint of the IP traffic is the security gateway at
>each end.  Well, this presumes that the security gateway is also going
>to rip all the headers off up to the IPX level, and be an IPX router
>on the internal networks.  So, it is the ultimate endpoint of the _IP_
>traffic.

Agreed.  In that case, if the IP headers are stripped by the gateway, I
have no objection to use of transport mode.

>So, by the semantics, we are OK using ESP transport mode.
>
>Of course, the fact that the the security gateway is not the ultimate
>endpoint of the IPX traffic might be viewed as violating the spirit of
>RFC 2401.

But IPsec deals only with IP traffic, so the IPX destination is outside the
scope of what we would know/care about.

Steve

References:

Re: Bridging non-IP traffic over IPSec

From: John Shriver <jas@shiva.com>

Prev by Date: Re: Bridging non-IP traffic over IPSec
Next by Date: Re: (IPng 7212) RE: Last Call: Mobility Support in IPv6 to Proposed Standard
Prev by thread: Re: Bridging non-IP traffic over IPSec
Next by thread: RE: Bridging non-IP traffic over IPSec
Index(es):
- Main
- Thread