Hi
I am implementing an IPsec masquerading service for vxWorks for our product. I had some questions... I would appreciate if somebody could clarify them for me.
is ISAKMP icookie masquerading acceptable or the remote server has some way of distinguishing icookies coming from the source security gateway / masquerading gateway and will reject if the masquerading gateway changes the icookie value.
is there a way to distinguish tunnel mode from transport mode just by looking at an ESP packet.
is there any relation between the ISAKMP icookie and the ESP SPI ( i mean is the value of SPI dependent on the icookie value or is it pretty much a random selection from a range of unused SPIs).
Thanks a lot
-Bik
------------------------------------------------------------------------------------------
Bik
Singh
818-575-2518 (Off)
Research
Scientist
818-597-1502 (Fax)
Product
Development 31355
Agoura Road
Nomadix
Westlake Village, CA 91361