
tunnel mode SAs...



With reference to section 4.1 in RFC 2401 I have a question on the
following statement.

The requirement for any (transit traffic) SA involving a
security gateway to be a tunnel SA arises due to the need to avoid
potential problems with regard to fragmentation and reassembly of
IPsec packets, and in circumstances where multiple paths (e.g., via
different security gateways) exist to the same destination behind the
security gateways.

How does a tunnel mode SA avoid the fragmentation problem and why
is a transport mode SA a problem if there exist multiple paths to the
same destination behind the security gateways?

gautam

