[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT and IPsec

To: "Joseph D. Harwood" <jharwood@vesta-corp.com>
Subject: Re: NAT and IPsec
From: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Date: Sun, 22 Oct 2000 12:51:30 +0300
CC: Ipsec <ipsec@lists.tislabs.com>
Organization: F-Secure Corporation
References: <NDBBIBHFGLMFGJLIBOBMKEAICBAA.jharwood@vesta-corp.com>
Sender: owner-ipsec@lists.tislabs.com

"Joseph D. Harwood" wrote:
> 
> Regarding hosts not being required to implement IPsec tunnel mode, RFC 2401,
> Section 4.1:
> 
> "In summary,
>         a) A host MUST support both transport and tunnel mode.
>         b) A security gateway is required to support only tunnel mode..."
> 
> Has this changed?  How would a host that doesn't support tunnel mode talk to
> another host behind a security gateway?

Hmm.. You're right, it's just been so long since I read RFC2401.

I think such hosts do L2TP over IPsec to the gateway.

Ari

-- 
Ari Huttunen                   phone: +358 9 859 900
Senior Software Engineer       fax  : +358 9 8599 0452

F-Secure Corporation       http://www.F-Secure.com 

F-Secure products: Integrated Solutions for Enterprise Security

References:

RE: NAT and IPsec

From: "Joseph D. Harwood" <jharwood@vesta-corp.com>

Prev by Date: Re: NAT and IPsec
Next by Date: RE: NAT and IPsec
Prev by thread: RE: NAT and IPsec
Next by thread: Re: NAT and IPsec
Index(es):
- Main
- Thread