[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: SA bundle negotiation

To: "'David Tannheimer'" <dtannhei@nortelnetworks.com>, ipsec@lists.tislabs.com
Subject: RE: SA bundle negotiation
From: Sankar Ramamoorthi <Sankar@vpnet.com>
Date: Fri, 15 Oct 1999 11:13:44 -0700
Sender: owner-ipsec@lists.tislabs.com

It is my understanding that all should be negotiated in tunnel mode.

-- sankar --

-----Original Message-----
From: David Tannheimer [mailto:dtannhei@nortelnetworks.com]
Sent: Friday, October 15, 1999 7:17 AM
To: ipsec@lists.tislabs.com
Subject: SA bundle negotiation

I apologize in advance if this has already been beaten to death on the
list.  I have a question as to the right way to negotiate encapsulation
mode for certain ipsec SA bundles, to ensure interoperability.
I've heard various arguments, but I need a larger feedback sampling.

To achieve the following encapsulation format, should both the ESP
transform payload and the AH transform payload (in the quick mode
exchange) specify Tunnel mode, or is ESP in Tunnel mode and AH in
Transport mode?

        -----------------------------------------
        | Outer  | AH  | ESP | Orig   | Payload |
        | IP Hdr | Hdr | Hdr | IP Hdr |         |
        -----------------------------------------

Same idea here.  Should IPComp be negotiated as Tunnel mode, with both
ESP and AH in Transport mode, or are they all negotiated as Tunnel mode?

        --------------------------------------------------
        | Outer  | AH  | ESP | IPComp | Orig   | Payload |
        | IP Hdr | Hdr | Hdr | Hdr    | IP Hdr |         |
        --------------------------------------------------

Thanks,
Dave

Prev by Date: RE: Re[2]: PPP over IPSec (without L2TP)?
Next by Date: Re: comments on the latest GSSAPI draft changes
Prev by thread: SA bundle negotiation
Next by thread: IKE authentication method details
Index(es):
- Main
- Thread