[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec in tunnel mode and dynamic routing



On 19 Nov 2001, Derek Atkins wrote:
> ...Aren't dynamic routing and access-control
> checks mutually exclusive in the "core"?

Not necessarily.  Dynamic routing doesn't have to be an all-or-nothing
process; it's quite conceivable to have dynamic routing operating within
access-control restrictions.  The simple example is having separate IPsec
connections to two different gateways into the same corporate network, to
protect your traffic against gateway outages.  People really want to be
able to do redundant, dynamically-selected paths for IPsec traffic. 

                                                          Henry Spencer
                                                       henry@spsystems.net



Follow-Ups: References: