[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecation of AH header from the IPSEC tool kit

To: Paul Koning <pkoning@xedia.com>
Subject: Re: Deprecation of AH header from the IPSEC tool kit
From: Ben McCann <bmccann@indusriver.com>
Date: Wed, 14 Jun 2000 14:07:16 -0400
CC: mat@cisco.com, ipsec@lists.tislabs.com, isis-wg@juniper.net, ospf@discuss.microsoft.com, ietf-rip@baynetworks.com
References: <29752A74B6C5D211A4920090273CA3DC01D282D3@new-exc1.ctron.com> <14663.35217.793569.559881@xedia.com> <14663.42213.816377.583137@thomasm-u1.cisco.com> <14663.47855.662864.377087@xedia.com> <14663.48838.383043.113376@thomasm-u1.cisco.com> <14663.49140.785124.646034@xedia.com>
Sender: owner-ipsec@lists.tislabs.com

>  Michael> This might be water well under the bridge, but has the
>  Michael> thought of having a mode to ESP which protects the outer
>  Michael> headers?

Aren't your goals met by using ESP _tunnel_ mode? Just tunnel the OSPF,
RIP, etc, packet from one box to the other. The tunneled packet has an
inner IP header is completely secured by ESP. This is the header seen
by OSPF, RIP, etc, once ESP completes the authentication of the packet.

-Ben McCann

-- 
Ben McCann                              Indus River Networks
                                        31 Nagog Park
                                        Acton, MA, 01720
email: bmccann@indusriver.com           web: www.indusriver.com 
phone: (978) 266-8140                   fax: (978) 266-8111

Follow-Ups: