[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipsec masqueradin

To: "'jhardin@wolfenet.com'" <jhardin@wolfenet.com>
Subject: ipsec masqueradin
From: Bikramjit Singh <BSingh@Nomadix.com>
Date: Tue, 16 Oct 2001 14:18:51 -0700
Sender: owner-ipsec@lists.tislabs.com

Title: ipsec masqueradin

I am implementing an IPsec masquerading service for vxWorks for our product. I had some questions... I would appreciate if somebody could clarify them for me.

is ISAKMP icookie masquerading acceptable or the remote server has some way of distinguishing icookies coming from the source security gateway / masquerading gateway and will reject if the masquerading gateway changes the icookie value.
is there a way to distinguish tunnel mode from transport mode just by looking at an ESP packet.
is there any relation between the ISAKMP icookie and the ESP SPI ( i mean is the value of SPI dependent on the icookie value or is it pretty much a random selection from a range of unused SPIs).

Thanks a lot

-Bik

------------------------------------------------------------------------------------------
Bik Singh                                   818-575-2518 (Off)
Research Scientist                      818-597-1502 (Fax)
Product Development                  31355 Agoura Road
Nomadix                         Westlake Village, CA 91361

Prev by Date: Re: DataStructure for Storing SPD,SA Entries
Next by Date: No Subject
Prev by thread: how Nonce payload be used to prevent replay attack
Next by thread: No Subject
Index(es):
- Main
- Thread