
RE: allowing transport mode...



You don't have to use transport mode at all, according to the RFC.

In fact, sometimes you have to use tunnel mode, e.g. when the service is being
accessed by a non-IPSEC client behind an IPSEC gateway.

CL <--> SGW1 <===> SGW2

When the Client accesses, e.g., an FTP server on SGW2, the path between SGW1
and SGW2 must be protected by tunnel mode.  (Well, unless the access is via a
proxy on SGW1...)

Chris

> -----Original Message-----
> From: Ramin Alidousti [mailto:ramin@uu.net]
> Sent: 25 April 2001 13:04
> To: Renu Agarwal
> Cc: Jain, Gautam; 'ipsec@lists.tislabs.com'
> Subject: Re: allowing transport mode...
> 
> 
> On Wed, Apr 25, 2001 at 09:38:04AM +0530, Renu Agarwal wrote:
> 
> > "Jain, Gautam" wrote:
> > 
> > If the security gateway is running an application over IP then it should
> > use the transport mode for all packets originating/destined for those
> > applications. The applications could be anything like FTP, TFTP including
> > any proprietary application running on the security gateway.
> 
> Is it a must that one should use transport mode for the security gateway
> which is running an application or does one have a choice in this case to
> use either mode?
> 
> Ramin
> 
> > 
> > Hope it answers your question,
> > 
> > Renu
> > 
> > 
> > --
> > __________________________________________________________
> > Renu Agarwal
> > Globespan Inc.
> > 
> > E-mail: mailto:ragarwal@globespan.net
> > Web : http://www.globespan.net
> > __________________________________________________________
> > 
> > 
> > 
> 
> 