
RE: IKE and tunneling



Henry,

Thank you for the rapid response!

I have a second question: If an IPSec session goes down because of a
connection being lost or for some other reason, once communications are
re-established between the two hosts through either the same or different
pathways, does a new SA have to be negotiated?   Can I immediately begin
speaking IPSec again, or must I speak IKE first to establish the parameters
with which to build an IPSec SA again?

Elliott T Dorham, LT., USN
Naval Postgraduate School
Information Systems Technology, Code 32
etdorham@nps.navy.mil

>-----Original Message-----
>From: owner-ipsec@lists.tislabs.com
>[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Henry Spencer
>Sent: 11 December, 1999 11:45
>To: Dorham, Elliot
>Cc: ipsec@lists.tislabs.com
>Subject: Re: IKE and tunneling
>
>
>On Fri, 10 Dec 1999, Dorham, Elliot wrote:
>> Can anyone tell me what the relationship is between IPSec and
>> other tunneling protocols such as L2TP and PPTP?
>
>There is none.  There are some similarities in functions and approach, but
>they are different protocols.
>
>> Also, during
>> the initial IKE, are the UDP packets that are exchanged tunneled?
>
>No, the IKE packets (all of them, not just at the start) go direct from
>IKE implementation to IKE implementation, without any complications of
>that sort.  The IKE implementations do their own encryption and
>authentication.  IKE negotiates tunnels for more ordinary IP traffic,
>but the IKE traffic itself doesn't go through those tunnels.
>
>> If not, can they be...
>
>Once the tunnels are set up, conceivably you could send further IKE
>packets through them... but it's a bad idea, because if one end goes down
>and comes back up again -- losing all its tunnels -- then the two ends
>can't communicate, because the intact end is trying to send IKE packets
>through broken tunnels.
>
>                                                          Henry Spencer
>                                                       henry@spsystems.net
>
>(henry@zoo.toronto.edu)
>


