[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: RFC 2401 section 5.2.1

To: "Lars Eggert" <larse@ISI.EDU>
Subject: RE: RFC 2401 section 5.2.1
From: "Joseph D. Harwood" <jharwood@vesta-corp.com>
Date: Tue, 21 Nov 2000 13:47:52 -0800
Cc: <ipsec@lists.tislabs.com>
Importance: Normal
In-Reply-To: <3A1ABF07.EFE29FE9@isi.edu>
Sender: owner-ipsec@lists.tislabs.com



>
> What does tunnel mode give you that IPIP tunnels + IPsec transport mode
> don't? Inbound processing for both should be identical, since you can't
> tell the difference by looking at the packet.

Not quite identical.  After IPsec processing, the received packet's
selectors are checked against the SPD to make sure all of the appropriate
processing has been performed.  In Tunnel mode, these selectors are from the
inner (encapsulated) header, in IPIP + IPsec transport these selectors are
from the outer header.

>
> Lars
> --
> Lars Eggert <larse@isi.edu>                 Information Sciences Institute
> http://www.isi.edu/larse/                University of Southern
> California



Best Regards,
Joseph D. Harwood
jharwood@vesta-corp.com
www.vesta-corp.com

BEGIN:VCARD
VERSION:2.1
N:Harwood;Joseph;D.
FN:Joseph D. Harwood
ORG:Vesta Corporation
ADR;WORK:;(408) 838-9434;5201 Great America Parkway, Suite 320;Santa Clara;CA;95054
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:(408) 838-9434=0D=0A5201 Great America Parkway, Suite 320=0D=0ASanta Clara, =
CA 95054
URL:
URL:http://www.vesta-corp.com
EMAIL;PREF;INTERNET:jharwood@vesta-corp.com
REV:20001011T162328Z
END:VCARD

Follow-Ups:

RE: RFC 2401 section 5.2.1

From: "Markku Savela" <Markku.Savela@research.nokia.com>

Re: RFC 2401 section 5.2.1

From: Joe Touch <touch@ISI.EDU>

References:

Re: RFC 2401 section 5.2.1

From: Lars Eggert <larse@ISI.EDU>

Prev by Date: Hi
Next by Date: Re: RFC 2401 section 5.2.1
Prev by thread: Re: RFC 2401 section 5.2.1
Next by thread: RE: RFC 2401 section 5.2.1
Index(es):
- Main
- Thread