
RE: NAT and IPsec




> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Ari Huttunen
> Sent: Saturday, October 21, 2000 2:31 PM
> To: Joern Sierwald
> Cc: Jari Arkko; bernarda@microsoft.com; mstenber@ssh.com;
> jarkko@piuha.net; ipsec@lists.tislabs.com
> Subject: Re: NAT and IPsec
>

<SNIP>

>
> Right. The reason there is an attempt to incorporate transport
> mode is that some vendors do not implement IPsec tunnel mode
> in hosts, as it's not required by RFCs. As we have tunnel mode
> in our implementation, we're not actively pursuing defining
> the transport mode. I welcome others to study using the transport
> mode. It is possible, but not so easy as tunnel mode.
>
>

Regarding hosts not being required to implement IPsec tunnel mode, RFC 2401,
Section 4.1:

"In summary,
	a) A host MUST support both transport and tunnel mode.
	b) A security gateway is required to support only tunnel mode..."

Has this changed?  How would a host that doesn't support tunnel mode talk to
another host behind a security gateway?


Best Regards,
Joseph D. Harwood
jharwood@vesta-corp.com
www.vesta-corp.com
