[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec Complexity

To: ipsec@lists.tislabs.com
Subject: RE: IPSec Complexity
From: Chris Trobridge <CTrobridge@baltimore.com>
Date: Fri, 18 Feb 2000 17:11:20 -0000
Sender: owner-ipsec@lists.tislabs.com

The trouble is that Transport mode isn't adequate for Security Gateways
(which is why it's only allowed for end to end, I guess).  The only way
around this would be, as I think someone's already said, is to perform IP in
IP tunneling first and then use Transport mode.

Chris

> -----Original Message-----
> From: Skip Booth [mailto:ebooth@cisco.com]
> Sent: 18 February 2000 04:26
> To: Joe Touch
> Cc: ipsec@lists.tislabs.com; skye@ffwd.com
> Subject: Re: IPSec Complexity

> If we were to get rid of one mode for IPSEC, I certainly 
> would cast my vote for
> getting rid of Tunnel Mode.  I think this is probably a moot 
> point though, since
> there are just too many implementations out there with tunnel mode.
> 
> -Skip

Follow-Ups:

RE: IPSec Complexity

From: Stephen Kent <kent@bbn.com>

RE: IPSec Complexity

From: Markku Savela <msa@anise.tte.vtt.fi>

Prev by Date: Re: IPSec Complexity
Next by Date: RE: IPSec Complexity
Prev by thread: Re: IPSec Complexity
Next by thread: RE: IPSec Complexity
Index(es):
- Main
- Thread