Re: AH (without ESP) on a secure gateway
pau@watson.ibm.com Wed, 27 November 1996 21:59 UTC
Received: from cnri by ietf.org id ad29226; 27 Nov 96 16:59 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa21881; 27 Nov 96 15:55 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA17619 for ipsec-outgoing; Wed, 27 Nov 1996 15:48:21 -0500 (EST)
From: pau@watson.ibm.com
Date: Wed, 27 Nov 1996 15:53:29 -0500
Message-Id: <9611272053.AA22380@secpwr.watson.ibm.com>
To: ipsec@tis.com
Subject: Re: AH (without ESP) on a secure gateway
Cc: isakmp-oakley@cisco.com
Mime-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Md5: b4Ny6eHOqoEJQTvjvj0zEA==
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id PAA17616
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
I have a question triggered by the discussion : If two firewalls (gateways), IDii and IDir, did a successful ISAKMP phase-II proxy negotiation for IDui and IDur. Then, which one is the right usage of the SA resulting from the negotiation : 1. The SA is shared between IDii and IDir (the gateways), and IDii IDir are performing IPSEC protection on traffic between IDui and IDur. In this case, IDui and IDur are unware of the IPSEC protection. 2. The SA is shared between IDui and IDur and IDui and IDur perform IPSEC by themselves. IDii and IDir (the gateways) become more or less (IPSEC) transparent. Pau-Chen
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer