[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

routing and outbound.



Hi.
 
Imagine an IPSEC armed router. As any knows routers have interfaces. Each interface may be IPSEC enabled or not( Am I right !!?? ).
 
Upon arrival of any packet to router which serries of task must be done on the acket?
 
1- Inbound , Outbound and then Routing.
2- Inbound , Routing and then Outbound.
3- Routing , inbound and then Outbound.
 
each of these configuration has weaknesses.
 
a)-in case 1 there is high probability danger of denial of service for protected subnetwork when at least one of routers interfaces is IPSEC unarmed.
b)-case 2 has logical flaw. After Outbound process new packet will be made with new IP header. so this needs routing again.
c)- case 3 means that IPSEC Process must be done after Routing. this has spoofing danger.
 
now what configuration is correct or may be I have a basic missundrestanding.
 
best regars
 
mahdavi

Follow-Ups: