Re: IPSEC tunnels for LAN-to-LAN interop issue



  >> 1) IP tunnel device tunnels packets, IPSEC then applies transport-mode
  >> protection to the IP-in-IP packets as they leave.

  stephen> Why transport mode here, vs. tunnel mode.  The device looks more
  stephen> like an SG than an end system, does it not?

He wants to run RIP over the tunnels. IPsec tunnel mode (at least all
implementations I have seen) is handled by packet filters/firewalls, which
means the tunnel is not represented in the routing table and RIP won't see
it. Using an IPIP tunnel device (which will show up in the routing table)
plus IPsec transport mode is a way to circumvent this.

Lars
______________________________________________________________________________
Lars Eggert <larse@isi.edu>                     Information Sciences Institute
http://www.isi.edu/~larse/                   University of Southern California

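
The arrangement described in the message above, as it could be set up on a Linux gateway with iproute2. This is an added example, not part of the original post or thread. The gateway addresses, tunnel addresses, device name ipip0, SPIs and keys are constructed placeholders, and manual keying stands in for whatever key management is actually used.

```shell
#!/bin/sh
# Print the commands for ONE gateway: an IPIP tunnel device (visible in the
# routing table, so a RIP daemon can run over it) whose IP-in-IP packets are
# protected by ESP in transport mode as they leave.
# All addresses, SPIs and the name ipip0 are constructed for this example.
# KEY_OUT / KEY_IN: per-direction AES-GCM keymat in hex (16-byte key plus
# 4-byte salt); the defaults are placeholders and must be replaced.
ipip_transport_cmds() {
    l=$1 r=$2 tl=$3 tp=$4 spi_out=$5 spi_in=$6
    cat <<EOF
ip tunnel add ipip0 mode ipip local $l remote $r
ip addr add $tl peer $tp dev ipip0
ip link set ipip0 up
ip xfrm state add src $l dst $r proto esp spi $spi_out mode transport aead 'rfc4106(gcm(aes))' ${KEY_OUT:-0xPLACEHOLDER_OUT} 128
ip xfrm state add src $r dst $l proto esp spi $spi_in mode transport aead 'rfc4106(gcm(aes))' ${KEY_IN:-0xPLACEHOLDER_IN} 128
ip xfrm policy add src $l/32 dst $r/32 proto 4 dir out tmpl src $l dst $r proto esp mode transport
ip xfrm policy add src $r/32 dst $l/32 proto 4 dir in tmpl src $r dst $l proto esp mode transport
EOF
}

# Gateway A of a constructed pair; gateway B swaps each pair of arguments.
ipip_transport_cmds 192.0.2.1 198.51.100.1 10.255.0.1 10.255.0.2 0x1001 0x1002
```

The policies select only IP protocol 4 (IP-in-IP) between the two gateway addresses, so everything routed into ipip0 is covered by ESP while the tunnel itself remains an ordinary interface to the routing daemon. Review the printed commands before piping them to `sh -e` as root.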

