RE: [Ipsec] Layer 2 processing inside IPsec
At 10:33 AM -0700 7/2/04, Paul Lambert wrote:
> >tunnel mode requires that the next header be IP (v4 or v6)
>
>Requiring the next header to be IP is just one type of access
>policy. There is no reason that an access policy could not allow
>other protocols and process/filter them accordingly.
>
>Paul
>
There is a requirement for an IPsec TUNNEL to have an inner IP
header, because of the need to forward the inner packet based on that
header, and because our access control checks are defined relative to
IP and next layer headers. If there is no need to forward the packet
based on an inner IP header, then transport mode is used, and the
access controls are applied to the outer header.
Steeve
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec