[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 02192) Re: IPSec over TCP
- To: "Peter Bieringer" <pb@xxxxxxxxxxxx>, <usagi-users@xxxxxxxxxxxxxx>
- Subject: (usagi-users 02192) Re: IPSec over TCP
- From: "BUYCK Jacky FTRD/DMI/CAE" <jacky.buyck@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 Feb 2003 14:39:44 +0100
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Thread-index: AcLRzp6pc8OIPfgeTpi9xgdx2Z/gMwAA6edg
- Thread-topic: (usagi-users 02190) Re: IPSec over TCP
--On Tuesday, February 11, 2003 11:28:57 AM +0100 "BUYCK Jacky
FTRD/DMI/CAE" <jacky.buyck@xxxxxxxxxxxxxxxxxxxx> wrote:
>> Really ?
>> Because there is solution that encapsulate IPSec packet in UDP and
>> in TCP (the CISCO VPN 300 do the two kind of encapsulation).
>
>Did you mean that the full ESP payload was encapsulated in UDP or TCP
>or only IKE over TCP instead of UDP?
First choice. I search after all IKE and ESP encapsulation in TCP.
>If first, UDP encapsulation is a common method for NAT traversal,
>perhaps Cisco extend this for TCP also to make transport more
>reliable.
>
>UDP encapsulation is afaik supported by newer FreeS/WAN (correct me
>if I'm wrong). TCP encap never heard.
I have all information about UDP encap. I need some about TCP encap
because
I wasn't abble to find anything on the net. So like I've see this on
USAGI post
I've thank that someone have ideas of good and bad points regarding this
subject.
>But both encaps are not needed for IPv6 because here is no NAT
>defined.
> Peter
>--
>Dr. Peter Bieringer http://www.bieringer.de/pb/
>GPG/PGP Key 0x958F422D mailto: pb at bieringer dot de
>Deep Space 6 Co-Founder and Core Member http://www.deepspace6.net/
I'll seach a little bit more. So thanks for your help.