[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec gateway vs. host
At 11:23 AM -0700 7/6/01, Saqib Jang wrote:
>Is there a scenario where IPsec implemented in a NIC
>or a HBA can be considered a "gateway" IPsec implementation.
>I'm trying to reconcile the proposal for iSCSI devices to only
>support tunnel-mode IPsec with the requirement in RFC 2401
>that only IPsec "gateways" can support only tunnel-mode IPsec,
>whereas "hosts' are required to support both tunnel and transport
>mode IPsec.
depending on where the NIC is used, it might appropriately support SG
vs. host Ipsec modes. but, it just sounds like the iSCSCI folks are
calling for a subset of IPsec functionality for their environment. a
compliant IPsec host implementation could be used in this more
restrictive fashion.
Steve
References: