You may also want to look at RFC2003, which describes IPIP encapsulation in more detail (and is what IPsec tunnel mode is based on). Lars Amey Gokhale wrote: > you guessed it right amol, outer IP header doesn;t copy inner IP header's option fields. for him, it is just a normal IP payload which has to be encapsulated, whtever may be the inner header/payload contents. > > but it doesn;t imply tht options are not constructed for outer IP header. if the environment needs every packet to be attached with security options....in tht case outer header will attach it;s own option fields. But option fields of inner IP header will not be copied in outer IP header. > > any corrections r welcome. > regards, > amey > > On Tue, 29 Jan 2002 11:13:15 +0530 > "Amol Deshmukh" <adeshmukh@pace.stpp.soft.net> wrote: > >>Hi, >> >> This is regarding the Options field in the outer IP Header for IPsec >>Tunnel mode. >> In RFC2401, section 5.1.2.1 gives the Header construction for Tunnel >>mode. For the Options field, the following line has been printed. >> >>Header fields Outer Header Inner Header >>Options never copied no change >> >>I have a doubt. Does this mean: >>1> IPsec never copies the Options field from the inner Header nor >> does it construct them for the Outer Header ? >>2> IPsec always attaches an outer IP Header of 20 bytes ? >>3> It is not the responsibility of IPsec to attach the Options field for the >> Outer IP header ? >> >>I would be really thankful if you could help me with this. >> >>Thanks and Regards, >>Amol. >> >> >> >> >> -- Lars Eggert <larse@isi.edu> Information Sciences Institute http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature