
Re: inbound vs outbound?



Hi.
It's strange. I did not see this matter that you mentioned in RFC 2401. There is no
reason to look at the SPD twice.

Do you think that we have two SPDs for an IPsec system? (One for outbound
and one for inbound!!) But we just have one SPD per IPsec system.

Also, I chose a native implementation, so why do I have to process one packet
twice? I have one IPsec system for all interfaces with just one SPD.

I chose this strategy. Every packet that is coming (imagine it has no
fragment problem) to my router will go to the IPsec system before the router does
anything with it. IPsec makes a new packet (perhaps the same packet) and gives
it to the router again. After that the router sends it on the appropriate interface.

Imagine my router address is A.
There are these kinds of packets:
1- A regular packet from B to C. Now I just put it under outbound process.
 (Is there anything wrong?)
2- An IPsec packet that is not destined to my router. It is also outbound.
 (Is it wrong?)
3- An IPsec packet that is destined to my machine. It is an inbound packet.
Now it goes under inbound process. (I can agree with you just in this case.
After inbound process I gain another packet that. So it must go under
outbound process.)

Now I just redefine my opinion as the following sentence.

"every packet is outbound else it is destined to my machine in tunnel mode.
after inbound process on such a packet I have to process it as outbound"

If this phrase has any error let me know.

sincerely yours

mahdavi.

----- Original Message -----
From: Christophe Gouault <christophe.gouault@6wind.com>
To: mahdavi <mahdavi@sepahan.iut.ac.ir>
Cc: Puja Puri <puja.puri@cdac.ernet.in>; <ipsec@lists.tislabs.com>
Sent: Monday, 03 September, 2001 12:03 PM
Subject: Re: inbound vs outbound?


> Hello,
>
> "inbound" and "outbound" have nothing to do with IP addresses. Since your
> machine forwards packets, each packet is processed twice by IPsec and is both
> inbound and outbound:
> first your packet is received on an interface, hence it is processed by IPsec
> as "inbound". Then it is forwarded and sent on another interface: it is
> processed by IPsec again, but as an "outbound" packet.
>
> Christophe.
>
> mahdavi wrote:
>
> > Hi
> > U R right about hosts.
> > But I am to design a security gateway in hardware that is located in the
> > heart of a high speed router that has many interfaces.
> > No packet is generated from my machine, so with your idea there is no
> > outbound there. Just pay attention to this fact that every packet that is
> > destined to my machine is in tunnel mode.
> >
> > By now tell me what is wrong with my opinion
> >
> > "every packet is outbound else its destination IP is IP of this machine and
> > it is in tunnel mode (this security gateway) ."
> > ----- Original Message -----
> > From: Puja Puri <puja.puri@cdac.ernet.in>
> > To: mahdavi <mahdavi@sepahan.iut.ac.ir>
> > Cc: <ipsec@lists.tislabs.com>
> > Sent: Thursday, 30 August, 2001 9:18 AM
> > Subject: Re: inbound vs outbound?
> >
> > > I beg to differ from this point of view "that every packet that is not
> > > destined for my machine is outbound". I feel that the packets that are
> > > originating from ur machine are outbound and the remaining packets
> > > received by ur machine are inbound irrespective of whether they r destined
> > > for ur machine or they r forwarded (in which case they also become
> > > outbound).
> > >
> > > Puja Puri
> > > Member of Technical Staff
> > > Networking and Internet  Software Group
> > > C-DAC
> > > Pune
> > >
> > > On Wed, 29 Aug 2001, mahdavi wrote:
> > >
> > > > Hi.
> > > > In a security gateway how you can distinguish between an Inbound packet
> > > > and outbound packet?
> > > >
> > > > Is this correct ?
> > > > "every packet is outbound else its destination IP is IP of this machine
> > > > (this security gateway) .
> > > >
> > > >
> > > >
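
The two-pass handling described in Christophe Gouault's quoted reply, as an added Python sketch that is not part of the original thread: a forwarded packet gets an inbound policy check on receipt and an outbound check after routing, using direction-tagged SPD entries as in RFC 2401's model. The addresses D, P, X and Y, the SPD entries, the SPIs and the function names are all constructed for illustration.

```python
# Constructed toy model; addresses, selectors, SPIs and policies are illustrative.
from collections import namedtuple
Packet = namedtuple("Packet", "src dst proto spi inner")
GATEWAY = "A"                       # the gateway's own address, as in the thread
PEER = "P"                          # hypothetical remote tunnel endpoint
# Ordered SPD entries: (direction, src, dst, action). "*" matches any address.
SPD = [
    ("in",  "B", "C", "protect"),   # B->C must arrive inside a tunnel
    ("out", "C", "B", "protect"),   # C->B must leave inside a tunnel
    ("in",  "*", "*", "bypass"),
    ("out", "*", "*", "bypass"),
]
SAD = {("A", "esp", 0x1001)}        # inbound SAs keyed by (dst, proto, SPI)

def spd_lookup(direction, pkt):
    for d, src, dst, action in SPD:
        if d == direction and src in ("*", pkt.src) and dst in ("*", pkt.dst):
            return action
    return "discard"

def inbound(pkt):
    """Run on receipt. Returns (cleartext packet or None, trace step)."""
    protected = False
    if pkt.dst == GATEWAY and pkt.proto == "esp":
        if (pkt.dst, pkt.proto, pkt.spi) not in SAD:
            return None, "in:no-SA"
        pkt, protected = pkt.inner, True            # tunnel decapsulation
    action = spd_lookup("in", pkt)
    if action == "discard" or (action == "protect") != protected:
        return None, "in:policy-mismatch"           # e.g. cleartext B->C
    return pkt, "in:ok"

def outbound(pkt):
    """Run on the egress side, after the routing decision."""
    action = spd_lookup("out", pkt)
    if action == "discard":
        return None, "out:discard"
    if action == "protect":
        return Packet(GATEWAY, PEER, "esp", 0x2002, pkt), "out:tunnel"
    return pkt, "out:bypass"

def forward(pkt):
    pkt, step_in = inbound(pkt)
    if pkt is None:
        return None, [step_in]
    if pkt.dst == GATEWAY:
        return pkt, [step_in, "local-delivery"]
    pkt, step_out = outbound(pkt)
    return pkt, [step_in, step_out]
```

In this model a cleartext B->C packet is dropped by the inbound check, which is the case that an outbound-only classification would let through.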


