[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: Q: What is advantage of tunnel mode between host to host scenrio?

To: "IPSEC" <ipsec@lists.tislabs.com>
Subject: Fw: Q: What is advantage of tunnel mode between host to host scenrio?
From: "rupesh" <rupesh.jain@cdac.ernet.in>
Date: Fri, 24 Mar 2000 10:15:01 +0530
Sender: owner-ipsec@lists.tislabs.com


>Hi
>The fact you are making  the higher-level protocol identifier will be
>hidden.I think higher protocols will be hidden in ESP - Trasport Mode also
&
>there is no need for Tunnel mode for that.Tunnel mode is meant specifically
>for hiding inner IP address.So, please elobrate your point.
>Reg
>Rupesh
>
>-----Original Message-----
>From: Henry Spencer <henry@spsystems.net>
>To: IP Security List <ipsec@lists.tislabs.com>
>Date: Thursday, March 23, 2000 11:22 PM
>Subject: Re: Q: What is advantage of tunnel mode between host to host
>scenrio?
>
>
>>On Thu, 23 Mar 2000, rupesh wrote:
>>> With Ref to RFC2401 tunnel mode between host to host MUST be supported
>>> without any Gateway in picture.In such a condition my Outer IP header
>will
>>> be same as Inner IP header.I am unable to visualise advantage of such a
>>> Mode...
>>
>>The outer IP header won't be *exactly* the same as the inner one.  In
>>particular, the higher-level protocol identifier will be hidden.
>>
>>Also, the fact that the outer and inner IP headers are similar is not
>>obvious to an eavesdropper.  If the gateways are (or could be) also
>>carrying IPSec traffic on behalf of other sites, there is considerable
>>added security in this.
>>
>>                                                          Henry Spencer
>>                                                       henry@spsystems.net
>

Prev by Date: Re: Q: What is advantage of tunnel mode between host to host scenrio?
Next by Date: Re: Announcing X-Bone VPN/overlay software release
Prev by thread: No Subject
Next by thread: Deleted Internet Drafts
Index(es):
- Main
- Thread