RE: IPSEC tunnels for LAN-to-LAN interop issue

[Lars Eggert <larse@ISI.EDU>]

-----BEGIN PGP SIGNED MESSAGE-----

  richard> To the other end of the tunnel, shouldn't it look like / be
  richard> negotiated as tunnel-mode IPSEC?

Can the remote end distinguish if a tunneled IPsec packet was created by IPIP
encapsulation + IPsec transport mode or IPsec tunnel mode? In either case, the
incoming SA will have to match on the outer header.

Also, how will an IPIP encapsulation + IPsec transport mode packet be
decapsulated? By IPsec? Or by the IPIP tunnel device? This ambiguity is one of
the reasons we would like to see IPsec tunnel mode be integrated with an IPIP
tunnel device (option 2 in Richards mail).

Lars
______________________________________________________________________________
Lars Eggert <larse@isi.edu>                     Information Sciences Institute
http://www.isi.edu/~larse/                   University of Southern California

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBN8WN4tZcnpRveo1xAQEz/AQAtAT/UDE7WI1SqcRAmr4pT2lcF27l3aia
ii81UEo+EfiWAh11UTIS3CiNlKk7o3wN7cA5KMyV2p1gkNfiM2JoCGlwh9ey038O
MfGN632jqxGVkfp+o74Ew4tHx2sZidrZS62rj1VWrxCgiVp0QexqEBsaUtvyzsP+
OYhCT4OOH/8=
=0KjO
-----END PGP SIGNATURE-----

---

Follow-Ups:

• RE: IPSEC tunnels for LAN-to-LAN interop issue
• From: Stephen Kent <kent@bbn.com>

References:

• RE: IPSEC tunnels for LAN-to-LAN interop issue
• From: Richard Draves <richdr@microsoft.com>

---

• Prev by Date: RSA-155 factored last weekend
• Next by Date: Re: IPSEC tunnels for LAN-to-LAN interop issue
• Prev by thread: RE: IPSEC tunnels for LAN-to-LAN interop issue
• Next by thread: RE: IPSEC tunnels for LAN-to-LAN interop issue
• Index(es):
  • Main
  • Thread