[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC tunnels for LAN-to-LAN interop issue

To: Stephen.Waters@cabletron.com
Subject: RE: IPSEC tunnels for LAN-to-LAN interop issue
From: Paul Koning <pkoning@xedia.com>
Date: Thu, 26 Aug 1999 18:02:22 -0400
Cc: richdr@microsoft.com, ipsec@lists.tislabs.com
References: <29752A74B6C5D211A4920090273CA3DCCDE23A@new-exc1.ctron.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Waters," == Waters, Stephen <Stephen.Waters@cabletron.com> writes:

 Waters,> 2) is a hack because I no longer have an interface. IPSEC
 Waters,> intercepts packet leaving the system, and, due to the fact
 Waters,> that the contents is completely scrambled has to add a new
 Waters,> header.

 Waters,> -----Original Message----- From: Richard Draves

 >> 1) IP tunnel device tunnels packets, IPSEC then applies
 >> transport-mode protection to the IP-in-IP packets as they leave.
 >> 
 >> 2) IPSEC tunnel is modeled as an interface, and just negotiates
 >> tunnel mode and exposes the resulting tunnel as an interface. This
 >> is akin to marrying an SDP policy with an Interface.
 >> 
 >> 3) IP tunnel device tunnels packets, IPSEC then applies tunnel
 >> mode protection.

I'm not sure why you call (2) a hack.  It is a perfectly reasonable
way of doing things.  Why did you say "I no longer have an interface"?
(2) is, approximately, what we do in our product.  One consequence is
that routing protocols (RIP, OSPF, etc.) work normally across tunnels.

	paul

References:

RE: IPSEC tunnels for LAN-to-LAN interop issue

From: "Waters, Stephen" <Stephen.Waters@cabletron.com>

Prev by Date: RE: IPSEC tunnels for LAN-to-LAN interop issue
Next by Date: RE: IPSEC tunnels for LAN-to-LAN interop issue
Prev by thread: RE: IPSEC tunnels for LAN-to-LAN interop issue
Next by thread: RE: IPSEC tunnels for LAN-to-LAN interop issue
Index(es):
- Main
- Thread