FW: IPCOMP and IPSEC
Stephen Waters <Stephen.Waters@digital.com> Sat, 30 May 1998 01:38 UTC
Message-ID: <250F9C8DEB9ED011A14D08002BE4F64C01959181@wade.reo.dec.com>
From: Stephen Waters <Stephen.Waters@digital.com>
To: Roy Pereira <rpereira@TimeStep.com>
Cc: ipsec@tis.com, ippcp@external.cisco.com
Subject: FW: IPCOMP and IPSEC
Date: Thu, 28 May 1998 18:55:40 +0100
Ah, so there is some confusion then. I think (thought) the right thing to do was put the IPCOMP header outside the original IP header though - that makes it obvious that the peer SG needs to strip it off before forwarding the original packet. If the IPCOMP was inserted after IP1 by a SG, how would the receiving SG know whether to extract it again - it looks identical to a packet that has been compressed by the original host.

Steve.

IPComp may be added by a security gateway just like IPSec ESP/AH is added. It would probably look like this though:

[IP2] [ESP spi+replay+iv] [IP1] [IPCOMP] [TCP] [data] [ESP padding+next protocol+auth]

> -----Original Message-----
> From: Stephen Waters [mailto:Stephen.Waters@digital.com]
> Sent: Wednesday, May 27, 1998 6:19 PM
> To: ippcp@external.cisco.com; ipsec@tis.com
> Subject: IPCOMP and IPSEC
>
> Is IPCOMP restricted for use by Hosts (at packet origin), or can it be
> appended by a Security Gateway as part of the process of adding an IPSEC
> tunnel header?
>
> e.g.
>
> Original host packet [IP1][TCP][data]
>
> After passing through a security gateway/IP tunnel:
>
> [IP2][ESP][IPCOMP][IP1][TCP][data][padding/next protocol][ESP auth]
>
> If this is supported, is it detailed anywhere? For example, if an
> Explicit IV is used, would it come after the ESP header or after the
> IPCOMP header?
>
> Stephen Waters
> DEVON, UK
>
> National: 01548 551012 / 550474
> International: 44 1548 551012 / 550474
> Stephen.Waters@Digital.com
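The two layouts discussed in this message, as an added Python example that is not part of the original thread: it builds the decrypted ESP payload for each layout and shows what a receiving security gateway can decide from the next-header chain alone. The helper names, the zeroed IPv4 fields, the use of DEFLATE and the sample TCP bytes are assumptions constructed for illustration.

```python
import struct, zlib

IPIP, TCP, IPCOMP = 4, 6, 108          # IANA protocol numbers
CPI_DEFLATE = 2                        # well-known CPI for DEFLATE (assumed algorithm)

def deflate(data):
    c = zlib.compressobj(wbits=-15)    # raw DEFLATE stream, no zlib wrapper
    return c.compress(data) + c.flush()

def ipv4(proto, payload):
    """Minimal 20-byte IPv4 header (zero addresses and checksum) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, bytes(4), bytes(4)) + payload

def ipcomp(next_hdr, payload):
    """IPComp header (next header, flags, CPI) + compressed payload."""
    return struct.pack("!BBH", next_hdr, 0, CPI_DEFLATE) + deflate(payload)

def receiver_view(esp_next_hdr, plaintext):
    """What the receiving SG can decide from the decrypted ESP payload."""
    if esp_next_hdr == IPCOMP:
        # IPComp sits in the tunnel layer: the SG must strip it before forwarding.
        nxt = plaintext[0]
        inner = zlib.decompress(plaintext[4:], wbits=-15)
        return ("strip", nxt, inner)
    if esp_next_hdr == IPIP and plaintext[9] == IPCOMP:
        # IPComp follows IP1: the peer SG or the original host may have added it.
        return ("ambiguous", IPCOMP, plaintext)
    return ("forward", plaintext[9], plaintext)

TCP_SEG = b"constructed TCP segment " * 8      # stand-in for [TCP][data]
ORIGINAL = ipv4(TCP, TCP_SEG)                  # [IP1][TCP][data]

# Layout from the original question: [IP2][ESP][IPCOMP][IP1][TCP][data]
OUTSIDE = (IPCOMP, ipcomp(IPIP, ORIGINAL))
# Layout from the forwarded reply, IPComp added by the SG: [IP2][ESP][IP1][IPCOMP][TCP][data]
INSIDE_BY_SG = (IPIP, ipv4(IPCOMP, ipcomp(TCP, TCP_SEG)))
# Host compressed, SG only tunnels: the same bytes reach the peer SG
INSIDE_BY_HOST = (IPIP, ipv4(IPCOMP, ipcomp(TCP, TCP_SEG)))
```

With IPComp outside IP1 the ESP next-header value itself tells the peer gateway to decompress; with IPComp after IP1 the gateway-compressed and host-compressed cases are byte-identical.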