[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: allowing transport mode...

To: "Jain, Gautam" <GJain@smartpipes.com>
Subject: Re: allowing transport mode...
From: Renu Agarwal <ragarwal@globespan.net>
Date: Wed, 25 Apr 2001 09:38:04 +0530
Cc: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Organization: Globespan India Pvt Ltd.,
References: <4652644B98DFF34696801F8F3070D3FE04B485@D2CSPEXM001.smartpipes.com>
Sender: owner-ipsec@lists.tislabs.com

"Jain, Gautam" wrote:

> With reference to section 4.1 in RFC 2401 I have a question on the following
> statement.
>
> Note that for the case where traffic is destined for a
> security gateway, e.g., SNMP commands, the security gateway is acting
> as a host and transport mode is allowed.
>
> What is the rationale behind allowing transport mode in case
> of one of the peers being a security gateway. One seems to be
> network management. What others would allow a security gateway
> to act as a host in the ipsec world. If we were to collectively ( instead of
> identifying
> applications that allow this ) say, what would we the bottomline
> for allowing transport mode in case of a security gateway acting
> as a host in IPSec.
>
> gautam

If the security gateway is running an application over IP then it should
use the transport mode for all packets orginating /destined for those
applications. The applications could be anything like FTP, TFTP including
any proprietary application running on the securtiy gateway.

Hope it answers your question,

Renu

--
__________________________________________________________
Renu Agarwal
Globespan Inc.

E-mail: mailto:ragarwal@globespan.net
Web : http://www.globespan.net
__________________________________________________________

******************Legal Disclaimer**************************
"This email message is for the sole use of the intended recipient(s) and may contain confidential, proprietary or legally privileged information.  No confidentiality or privilege is waived or lost by any mistransmission.  If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender by reply email.  You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.  Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of GLOBESPAN, INC. or any of its subsidiaries."
****************************************************************

Follow-Ups:

Re: allowing transport mode...

From: Ramin Alidousti <ramin@uu.net>

References:

allowing transport mode...

From: "Jain, Gautam" <GJain@smartpipes.com>

Prev by Date: Re: mib
Next by Date: Misc. issues: Inbound SA triple identification / Inbound&Outbound SA, selectors exchange
Next by thread: Re: help
Index(es):
- Main
- Thread