
(usagi-users 02191) Re: IPSec over TCP




--On Tuesday, February 11, 2003 11:28:57 AM +0100 "BUYCK Jacky
FTRD/DMI/CAE" <jacky.buyck@xxxxxxxxxxxxxxxxxxxx> wrote:

> Really?
> Because there is a solution that encapsulates IPSec packets in UDP and
> in TCP (the CISCO VPN 300 does the two kinds of encapsulation).

Did you mean that the full ESP payload was encapsulated in UDP or TCP
or only IKE over TCP instead of UDP?

If the first, UDP encapsulation is a common method for NAT traversal;
perhaps Cisco extends this to TCP as well to make transport more
reliable.

UDP encapsulation is afaik supported by newer FreeS/WAN (correct me
if I'm wrong). I have never heard of TCP encap.

But neither encap is needed for IPv6, because no NAT is defined
here.

        Peter
-- 
Dr. Peter Bieringer                     http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D               mailto: pb at bieringer dot de 
Deep Space 6 Co-Founder and Core Member  http://www.deepspace6.net/