[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC tunnels for LAN-to-LAN interop issue

To: "Waters, Stephen" <Stephen.Waters@cabletron.com>
Subject: Re: IPSEC tunnels for LAN-to-LAN interop issue
From: Stephen Kent <kent@bbn.com>
Date: Thu, 26 Aug 1999 14:27:40 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: <29752A74B6C5D211A4920090273CA3DCCDE236@new-exc1.ctron.com>
Sender: owner-ipsec@lists.tislabs.com

At 6:36 PM +0100 8/26/99, Waters, Stephen wrote:
>Hi,
>
>An interop question for the folks out there that support LAN-to-LAN VPNs
>with routing.
>
>Network:
>
>Head-end-------VPN tunnel 1------- remote site 1
>        |
>        -------VPN tunnel 2------- remote site 2
>
>Assume these two VPN tunnels are carried (from the head-end) over the same
>T1 connection to the Internet.
>
>If I want to run RIP to both sites, these tunnels need to be treated as
>genuine IP interface with the head-end device.
>
>There are three models that can be used here (using the example of an
>IP-inIP tunnel):
>
>1) IP tunnel device tunnels packets, IPSEC then applies transport-mode
>protection to the IP-in-IP packets as they leave.

Why transport mode here, vs. tunnel mode.  The device looks more like an SG
than an end system, does it not?

Steve

Follow-Ups:

Re: IPSEC tunnels for LAN-to-LAN interop issue

From: Lars Eggert <larse@ISI.EDU>

References:

IPSEC tunnels for LAN-to-LAN interop issue

From: "Waters, Stephen" <Stephen.Waters@cabletron.com>

Prev by Date: RE: IPSEC tunnels for LAN-to-LAN interop issue
Next by Date: RSA-155 factored last weekend
Prev by thread: Re: IPSEC tunnels for LAN-to-LAN interop issue
Next by thread: Re: IPSEC tunnels for LAN-to-LAN interop issue
Index(es):
- Main
- Thread