[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Outbound SA Bundle processing
Hi Suren,
1. We have interoperated with your solution and your solution supports
second option ie [IP2][AH][IP1][ESP][Original IP packet including header].
I see some emails in very old days supporting this packet format.
2. In regards to your second question, I never encountered this myself so far.
There are two possibilities:
A. [OuterIP Header][AH][ESP][ESP][ESP][Original IP Packet]
B. [OuterIP1][AH][OuterIP2][ESP][OuterIP3][ESP][OuterIP4][ESP][Original IP Pkt]
Option A seems to be better option.
Regards
Ravi
suren wrote:
>Hi,
>
>I have two queries regarding SA Bundle processing.
>
>1) If we have two SAs in an outbound SA Bundle as below,
>
> 1st SA : ESP in tunnel mode.
> 2nd SA : AH in tunnel mode.
>
> What should be the correct format of the packet that is
> produced after applying these two SAs?
>
> i) [IP1][AH][ESP][Original_IP]
>
> Or
>
> ii) [IP2][AH][IP1][ESP][Original_IP]
>
>
>
>2) If we have more than two SAs in an outbound SA Bundle as below,
>
> 1st SA : ESP in tunnel mode, with DES
> 2nd SA : ESP in tunnel mode, with 3DES
> 3rd SA : ESP in tunnel mode, with AES
> 4th SA : AH in tunnel mode.
>
> What should be the correct format of the packet that is
> produced after applying these two SAs?
>
>
>Thanks
>suren
>
>
>
>
>
>