
Re: Q: What is advantage of tunnel mode between host to host scenario?



----- Original Message ----- 
From: Paul Koning <pkoning@xedia.com>
To: <rupesh.jain@cdac.ernet.in>
Cc: <ipsec@lists.tislabs.com>
Sent: Friday, March 24, 2000 5:21 PM
Subject: Re: Q: What is advantage of tunnel mode between host to host scenario?


[...]

>  rupesh> How does it hide the fact that the communication is host to host,
>  rupesh> because the inner and outer IP headers may be the same? Only in the
>  rupesh> case of a host having multiple NICs is this point valid.
> 
> You cannot see the inner header (it is encrypted).  So if you see
> tunnel mode communication, all you know is that the security gateway
> is sending secured traffic.  You cannot tell whether that traffic

Actually, you cannot even tell whether it is tunnel or transport
mode communication (if ESP is employed), because the Next Header
is also encrypted in ESP. You can only guess it using some
indirect information (packet size, for example).

> comes from the security gateway (the tunnel endpoint) or from
> somewhere else (a node behind the security gateway).  

Regards,
Valera.

> 
> paul
> 
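As an added illustration of the point made in this reply (example code written for this page, not from any of the list posters): a byte-level model of the ESP packet layout, in which the cipher is a constructed stand-in (SHA-256 counter mode, not a real cipher) and the SPI, addresses and TCP fields are made-up sample values. The observer's parse reads only SPI, sequence number and size, while the trailer's Next Header (4 for IP-in-IP, 6 for TCP) sits inside the encrypted region and is recovered only by the key holder.

```python
"""Added example (not from the thread): a byte-level model of ESP showing why an
on-path observer cannot read tunnel vs transport mode, only the packet size."""
import hashlib, os, struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6   # Next Header values: IP-in-IP (tunnel), TCP (transport)

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Constructed stand-in for a real cipher (SHA-256 in counter mode); it only
    # models "unreadable without the key" and is not a secure construction.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def esp_encapsulate(key: bytes, spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """ESP layout: SPI | Seq | IV | encrypted( payload | padding | pad_len | next_header )."""
    pad_len = (-(len(payload) + 2)) % 4                  # 4-byte trailer alignment
    plaintext = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    iv = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, iv, len(plaintext))))
    return struct.pack("!II", spi, seq) + iv + ct

def observer_view(esp_packet: bytes) -> dict:
    """Everything a party without the key can read: SPI, sequence number, size."""
    spi, seq = struct.unpack("!II", esp_packet[:8])
    return {"spi": spi, "seq": seq, "length": len(esp_packet)}

def esp_decapsulate(key: bytes, esp_packet: bytes) -> tuple:
    """Only the key holder recovers the trailer's Next Header, which reveals the mode."""
    iv, ct = esp_packet[8:16], esp_packet[16:]
    pt = bytes(a ^ b for a, b in zip(ct, keystream(key, iv, len(ct))))
    pad_len, next_header = pt[-2], pt[-1]
    return pt[:-(pad_len + 2)], next_header

def compare_modes(key: bytes = b"constructed-demo-key") -> dict:
    """Send the same constructed TCP segment once in transport and once in tunnel mode."""
    tcp_segment = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, 0x5002, 8192, 0, 0)  # 20-byte TCP header
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, IPPROTO_TCP, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))            # 20-byte IPv4 header
    transport = esp_encapsulate(key, 0x1000, 1, tcp_segment, IPPROTO_TCP)
    tunnel = esp_encapsulate(key, 0x1000, 1, inner_ip + tcp_segment, IPPROTO_IPIP)
    return {
        "observer_transport": observer_view(transport),
        "observer_tunnel": observer_view(tunnel),
        "receiver_transport_next_header": esp_decapsulate(key, transport)[1],
        "receiver_tunnel_next_header": esp_decapsulate(key, tunnel)[1],
    }
```

The two observer views differ only in the length field (by the size of the inner IP header here), which is exactly the indirect hint the reply mentions.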


