Re: IPCOMP and IPSEC
Daniel Harkins <dharkins@cisco.com> Wed, 27 May 1998 23:07 UTC
Return-Path: dharkins@cisco.com
Received: from beasley.cisco.com (mailgate-sj-2.cisco.com [171.69.2.135]) by ftp-eng.cisco.com (8.8.5-Cisco.1/8.6.5) with ESMTP id QAA07255 for <ippcp-archive-file@ftp-eng.cisco.com>; Wed, 27 May 1998 16:07:33 -0700 (PDT)
Received: from jindo.cisco.com (jindo.cisco.com [171.69.43.22]) by beasley.cisco.com (8.8.4-Cisco.1/CISCO.GATE.1.1) with ESMTP id QAA17981 for <ippcp@external.cisco.com>; Wed, 27 May 1998 16:07:02 -0700 (PDT)
Received: from dharkins-ss20.cisco.com (dharkins-ss20.cisco.com [171.69.56.149]) by jindo.cisco.com (8.8.5-Cisco.2-SunOS.5.5.1.sun4/8.6.5) with ESMTP id QAA20964; Wed, 27 May 1998 16:06:59 -0700 (PDT)
Received: from localhost.cisco.com (localhost.cisco.com [127.0.0.1]) by dharkins-ss20.cisco.com (8.6.8+c/CISCO.WS.1.1) with SMTP id QAA26796; Wed, 27 May 1998 16:06:59 -0700
Message-Id: <199805272306.QAA26796@dharkins-ss20.cisco.com>
X-Authentication-Warning: dharkins-ss20.cisco.com: Host localhost.cisco.com didn't use HELO protocol
To: Stephen Waters <Stephen.Waters@digital.com>
Cc: ippcp@external.cisco.com, ipsec@tis.com
Subject: Re: IPCOMP and IPSEC
In-Reply-To: Your message of "Wed, 27 May 1998 23:19:08 BST." <250F9C8DEB9ED011A14D08002BE4F64C01959165@wade.reo.dec.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 27 May 1998 16:06:58 -0700
From: Daniel Harkins <dharkins@cisco.com>
Stephen, > Is IPCOMP restricted for use by Hosts (at packet origin), or can it be > appended by a Security Gateway as part of the process of adding an IPSEC > tunnel header? Sure, it can be done in a Security Gateway. > e.g. > > Original host packet [IP1][TCP][data] > > After passing through a security gateway/IP tunnel: > > [IP2][ESP][IPCOMP][IP1][TCP][data][padding/next protocol][ESP auth] > > If this is supported, is it detailed anywhere? For example, if an > Explicit IV is used, would it come after the ESP header or after the > IPCOMP header? It would have to come after the ESP header. Since the next header field is encrypted the recipient would have no idea yet that IPCOMP has been added and not know to skip over that field. Anybody out there want to test IPSec and IPCOMP together? Send me an email. Dan.
- Re: IPCOMP and IPSEC Daniel Harkins
- IPCOMP and IPSEC Stephen Waters
- Re: IPCOMP and IPSEC Daniel Harkins
- Re: IPCOMP and IPSEC Naganand Doraswamy
- Re: IPCOMP and IPSEC Saroop Mathur
- Re: IPCOMP and IPSEC Eric Dean
- Re: IPCOMP and IPSEC Marc Hasson
- Re: IPCOMP and IPSEC Marc Hasson
- RE: IPCOMP and IPSEC Avram Shacham
- FW: IPCOMP and IPSEC Stephen Waters
- RE: IPCOMP and IPSEC Avram Shacham
- Re: IPCOMP and IPSEC Daniel Harkins
- RE: IPCOMP and IPSEC Roy Pereira
- RE: IPCOMP and IPSEC Roy Pereira
- Re: IPCOMP and IPSEC Daniel Harkins
- RE: IPCOMP and IPSEC Roy Pereira
- RE: IPCOMP and IPSEC Eric Dean
- RE: IPCOMP and IPSEC Stephen Waters
- RE: IPCOMP and IPSEC Eric Dean
- RE: IPCOMP and IPSEC Eric Dean
- Re: IPCOMP and IPSEC Stephen Kent
- RE: IPCOMP and IPSEC Robert Moskowitz
- RE: IPCOMP and IPSEC Avram Shacham
- RE: IPCOMP and IPSEC Paul Koning