[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecation of AH header from the IPSEC tool kit
> Michael> This might be water well under the bridge, but has the
> Michael> thought of having a mode to ESP which protects the outer
> Michael> headers?
Aren't your goals met by using ESP _tunnel_ mode? Just tunnel the OSPF,
RIP, etc, packet from one box to the other. The tunneled packet has an
inner IP header is completely secured by ESP. This is the header seen
by OSPF, RIP, etc, once ESP completes the authentication of the packet.
-Ben McCann
--
Ben McCann Indus River Networks
31 Nagog Park
Acton, MA, 01720
email: bmccann@indusriver.com web: www.indusriver.com
phone: (978) 266-8140 fax: (978) 266-8111
Follow-Ups:
References: