[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Q: What is advantage of tunnel mode between host to host scenrio?

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Q: What is advantage of tunnel mode between host to host scenrio?
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 23 Mar 2000 10:40:39 -0500 (EST)
In-Reply-To: <000501bf9487$ba877ac0$2dcd09c0@nig95>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 23 Mar 2000, rupesh wrote:
> With Ref to RFC2401 tunnel mode between host to host MUST be supported
> without any Gateway in picture.In such a condition my Outer IP header will
> be same as Inner IP header.I am unable to visualise advantage of such a
> Mode...

The outer IP header won't be *exactly* the same as the inner one.  In
particular, the higher-level protocol identifier will be hidden.

Also, the fact that the outer and inner IP headers are similar is not
obvious to an eavesdropper.  If the gateways are (or could be) also
carrying IPSec traffic on behalf of other sites, there is considerable
added security in this. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Q: What is advantage of tunnel mode between host to host scenrio?

From: "rupesh" <rupesh.jain@cdac.ernet.in>

Prev by Date: RE: Deleted Internet Drafts
Next by Date: RE: Re[2]: IKE Public Key Encryption
Prev by thread: Q: What is advantage of tunnel mode between host to host scenrio?
Next by thread: Re: Q: What is advantage of tunnel mode between host to host scenrio?
Index(es):
- Main
- Thread