Re: IKE and tunneling

[Henry Spencer <henry@spsystems.net>]

On Fri, 10 Dec 1999, Dorham, Elliot wrote:
> Can anyone tell me if what the relationship is between IPSec and 
> other tunneling protocols such as L2TP and PPTP.

There is none.  They are some similarities in functions and approach, but
they are different protocols. 

> Also, during
> the initial IKE, are the UDP packets that are exchanged tunneled?

No, the IKE packets (all of them, not just at the start) go direct from
IKE implementation to IKE implementation, without any complications of
that sort.  The IKE implementations do their own encryption and
authentication.  IKE negotiates tunnels for more ordinary IP traffic,
but the IKE traffic itself doesn't go through those tunnels.

> If not, can they be...

Once the tunnels are set up, conceivably you could send further IKE
packets through them... but it's a bad idea, because if one end goes down
and comes back up again -- losing all its tunnels -- then the two ends
can't communicate, because the intact end is trying to send IKE packets
through broken tunnels. 

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

---

Follow-Ups:

• RE: IKE and tunneling
• From: "Elliott T. Dorham" <etdorham@nps.navy.mil>
• Re: IKE and tunneling
• From: "W. Mark Townsley" <townsley@cisco.com>

References:

• IKE and tunneling
• From: "Dorham, Elliot" <etdorham@nps.navy.mil>

---

• Prev by Date: Re: IPSec SA DELETE in "dangling" implementation
• Next by Date: RE: IKE and tunneling
• Prev by thread: IKE and tunneling
• Next by thread: RE: IKE and tunneling
• Index(es):
  • Main
  • Thread