
Re: ipsec SAs



On Fri, 18 Jul 2003, George Hadjichristofi wrote:
> Based on RFC2401, does that mean that A will only be able to talk to B and
> no other nodes on the network, or just that it will talk to B via a secure
> tunnel and to everybody else in cleartext?

Depends on software and configuration.  Either choice might be desirable,
depending on the circumstances.

> Should A be able to talk to Gateway2?

If Gateway2 is a member of subnet B, it should be possible (although the
implementation of this can be tricky).  Otherwise, there's nothing in
having a tunnel to B that would permit it.

                                                          Henry Spencer
                                                       henry@spsystems.net
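
An added illustration, not part of the message above: a minimal Python model of an RFC 2401-style ordered security policy database on host A. It shows how the catch-all entry decides whether traffic to nodes other than B is sent in cleartext or dropped, and that Gateway2 is only covered by the tunnel policy when its address falls inside subnet B. All addresses, names and functions are constructed for the example; the thread gives none.

```python
import ipaddress

# Constructed addresses (assumptions, not from the thread).
SUBNET_B = ipaddress.ip_network("10.2.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
TARGETS = {
    "host in B": ipaddress.ip_address("10.2.0.50"),
    "Gateway2 inside B": ipaddress.ip_address("10.2.0.1"),
    "Gateway2 outside B": ipaddress.ip_address("192.0.2.2"),
    "unrelated node": ipaddress.ip_address("198.51.100.7"),
}

# The three processing choices RFC 2401 defines for a packet.
PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"


def make_spd(default_action):
    """Ordered outbound policy list for host A: tunnel to subnet B, then a catch-all."""
    return [
        (SUBNET_B, PROTECT),    # traffic to B goes through the tunnel SA
        (ANY, default_action),  # everything else: the configuration choice
    ]


def lookup(spd, dst):
    """Return the action of the first entry whose destination selector matches."""
    for selector, action in spd:
        if dst in selector:
            return action
    return DISCARD  # RFC 2401: a packet matching no policy is discarded


def decisions(spd):
    """Map each constructed target to the action host A would apply."""
    return {name: lookup(spd, addr) for name, addr in TARGETS.items()}


if __name__ == "__main__":
    for label, default in (("cleartext to others", BYPASS),
                           ("B only", DISCARD)):
        print(label)
        for name, action in decisions(make_spd(default)).items():
            print(f"  {name:20s} -> {action}")
```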