[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec Complexity

To: CTrobridge@baltimore.com
Subject: RE: IPSec Complexity
From: Markku Savela <msa@anise.tte.vtt.fi>
Date: Fri, 18 Feb 2000 20:30:30 +0200 (EET)
CC: ipsec@lists.tislabs.com
In-reply-to: <1FD60AE4DB6CD2118C420008C74C27B81D044A@baltimore.com> (message from Chris Trobridge on Fri, 18 Feb 2000 17:11:20 -0000)
Reply-to: msa@hemuli.tte.vtt.fi (Markku Savela)
Sender: owner-ipsec@lists.tislabs.com

> From: Chris Trobridge <CTrobridge@baltimore.com> The only way around
> this would be, as I think someone's already said, is to perform IP
> in IP tunneling first and then use Transport mode.

On the wire the tunnel mode is *exactly* same as transport mode applied to
IPIP tunnel. Bitstreams are identical.

One end could be applying IPSEC transport mode to IPIP tunnel, and
other end could be doing IPSEC in tunnel mode, and they can
communicate quite okay.

I still cannot see any complexity in the basic kernel IPSEC
implementation (although AH interactions with Mobile IP in IPv6 is
scaring me a bit, but we shall see when I get that far...)

-- msa

Follow-Ups:

RE: IPSec Complexity

From: Stephen Kent <kent@bbn.com>

References:

RE: IPSec Complexity

From: Chris Trobridge <CTrobridge@baltimore.com>

Prev by Date: Re: IPSec Complexity
Next by Date: RE: IPSec Complexity
Prev by thread: RE: IPSec Complexity
Next by thread: RE: IPSec Complexity
Index(es):
- Main
- Thread