RE: 3rd try -- 2401bis issue 91 -- handling ICMP error messages
>
>It seems to me that in general the description of handling
>ICMP messages must be divorced from the presumption of any
>a priori knowledge on the part of the IPsec implementation as to which
>networks are red and which are black, or which hosts are trusted
>and which aren't.
Mike,
In general, IPsec provides a barrier within a device (host, BITW, or
SG), with red (friendly) interfaces on one side of the barrier and
black (hostile) interfaces on the other. The SPD controls what we
allow across the barrier, and whether we protect it or not.
If one wants to provide security services for each individual
interface, then one needs to think of applying IPsec to each
interface independently, nominally replicating the IPsec instance for
each interface. For example, if one has a security gateway with four
interfaces, you could put IPsec on each interface card or you could
have one IPsec instance for the device as a whole, consistent with
the model.
In most cases, the single-instance, red/black model works pretty well.
The terms "trusted" and "untrusted" are not ones I like to use here.
For example, we may establish a tunnel to an SG at a site, but that
does not mean that we just trust the site. We apply selector checks
on the packets that emerge from the tunnel precisely because we do
not just trust the site or the remote SG.
Steve
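As an added illustration, not part of the thread, here is a small Python model of the inbound selector check Steve describes: a packet emerging from a tunnel-mode SA is forwarded to the red side only if its inner header matches the selectors negotiated for that SA, so a remote site cannot inject traffic claiming arbitrary addresses. The SPI values, address ranges and packet fields are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Selector:
    """Traffic selectors of an inbound tunnel-mode SA (RFC 2401 style):
    allowed inner source/destination ranges, protocol and destination port."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: dict) -> bool:
        # Every selector field present in the SA must match the inner packet.
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport))

# Constructed SAD: SPI -> selectors negotiated for that tunnel SA.
# 0x1001: site-to-site tunnel, any protocol between the two site prefixes.
# 0x1002: narrower SA that only admits HTTPS to one server subnet.
SAD = {
    0x1001: Selector(ipaddress.ip_network("10.2.0.0/16"),
                     ipaddress.ip_network("10.1.0.0/16")),
    0x1002: Selector(ipaddress.ip_network("10.3.0.0/24"),
                     ipaddress.ip_network("10.1.5.0/24"), proto=6, dport=443),
}

def inbound_check(spi: int, inner_pkt: dict) -> str:
    """Disposition of a packet that emerged from the tunnel identified by `spi`:
    it crosses the barrier to the red side only if it matches that SA's selectors.
    Returns "forward" or a "drop: ..." reason suitable for an audit log."""
    sel = SAD.get(spi)
    if sel is None:
        return "drop: unknown SA"
    if not sel.matches(inner_pkt):
        return "drop: selector mismatch"
    return "forward"

if __name__ == "__main__":
    spoofed = {"src": "192.168.1.1", "dst": "10.1.7.7", "proto": 17}
    print(inbound_check(0x1001, spoofed))   # drop: selector mismatch
```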