[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec SAs
On Fri, 18 Jul 2003, George Hadjichristofi wrote:
> Based on RFC2401, does that mean that A will only be able to talk to B and
> no other nodes on the network, or just that it will talk to B via a secure
> tunnel and to everybody else in cleartext?
Depends on software and configuration. Either choice might be desirable,
depending on the circumstances.
> Should A be able to talk to Gateway2?
If Gateway2 is a member of subnet B, it should be possible (although the
implementation of this can be tricky). Otherwise, there's nothing in
having a tunnel to B that would permit it.
Henry Spencer
henry@spsystems.net
- References:
- ipsec SAs
- From: "George Hadjichristofi" <ghadjich@vt.edu>