SA bundle negotiation
David Tannheimer <dtannhei@nortelnetworks.com> Fri, 15 October 1999 16:00 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by mail.imc.org (8.9.3/8.9.3) with ESMTP id JAA29888; Fri, 15 Oct 1999 09:00:59 -0700 (PDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id KAA04426 Fri, 15 Oct 1999 10:19:20 -0400 (EDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <14343.14150.578359.846546@gargle.gargle.HOWL>
Date: Fri, 15 Oct 1999 10:16:38 -0400
From: David Tannheimer <dtannhei@nortelnetworks.com>
To: ipsec@lists.tislabs.com
Subject: SA bundle negotiation
X-Mailer: VM 6.71 under Emacs 19.34.1
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
I apologize in advance if this has already been beaten to death on the list. I have a question as to the right way to negotiate encapsulation mode for certain ipsec SA bundles, to ensure interoperability. I've heard various arguments, but I need a larger feedback sampling. To achieve the following encapsulation format, should both the ESP transform payload and the AH transform payload (in the quick mode exchange) specify Tunnel mode, or is ESP in Tunnel mode and AH in Transport mode? ----------------------------------------- | Outer | AH | ESP | Orig | Payload | | IP Hdr | Hdr | Hdr | IP Hdr | | ----------------------------------------- Same idea here. Should IPComp be negotiated as Tunnel mode, with both ESP and AH in Transport mode, or are they all negotiated as Tunnel mode? -------------------------------------------------- | Outer | AH | ESP | IPComp | Orig | Payload | | IP Hdr | Hdr | Hdr | Hdr | IP Hdr | | -------------------------------------------------- Thanks, Dave
- SA bundle negotiation David Tannheimer
- RE: SA bundle negotiation Sankar Ramamoorthi