
Re: IPSEC tunnels for LAN-to-LAN interop issue



Yes, what I think people want today for Security Gateways is VPN
tunnel portals, with pre-defined point-to-point links.  That's why
we're going to see a lot of IP over PPP over L2TP over IPSec
transport.

PPP also addresses the link-up detection issue.  Use echo request and
reply, or full LQM.  (Or trust OSPF hellos to detect what matters.)


This won't address the issue of a Security Gateway at company A that
wants to let host 2 at company B access host 1 in company A.  But I
think that involves many unsolved policy issues.  (How do I know I
should trust host 2?  What if company B wants to keep the trustedness
of host 2 a secret?  What if company A wants to keep the accessibility
of host 1 a secret from everyone but company B?  Nightmare...)

