[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecation of AH header from the IPSEC tool kit
Ben McCann writes:
> > Michael> This might be water well under the bridge, but has the
> > Michael> thought of having a mode to ESP which protects the outer
> > Michael> headers?
>
> Aren't your goals met by using ESP _tunnel_ mode? Just tunnel the OSPF,
> RIP, etc, packet from one box to the other. The tunneled packet has an
> inner IP header is completely secured by ESP. This is the header seen
> by OSPF, RIP, etc, once ESP completes the authentication of the packet.
>
See my previous post. Throwing bytes at the problem
is certainly one way to solve it, but it may not
be practical in many, many cases.
Mike
References: