[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT and IPsec
"Joseph D. Harwood" wrote:
>
> Regarding hosts not being required to implement IPsec tunnel mode, RFC 2401,
> Section 4.1:
>
> "In summary,
> a) A host MUST support both transport and tunnel mode.
> b) A security gateway is required to support only tunnel mode..."
>
> Has this changed? How would a host that doesn't support tunnel mode talk to
> another host behind a security gateway?
Hmm.. You're right, it's just been so long since I read RFC2401.
I think such hosts do L2TP over IPsec to the gateway.
Ari
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security
References: