[Mobike] New issue 17: Full connectivity
Stephen Kent
kent at bbn.com
Tue Sep 7 12:44:44 EDT 2004
At 12:27 PM -0700 9/6/04, Srinivasa Rao Addepalli wrote:
>Umm... I guess it depends on how IPSec is implemented.
>
>At the originitaing security gateway must know the remote peer IP
>address and uses
>it as Destination IP address.
right.
>On the receiving end, some implementations would only check if the destination
>IP address of the received packet is its local IP address. If so, it
>consumes the
>packet and if not, the packet is forwarded. Some implementation
>might go beyond
>this and might even look for exact match.
If the destination is a security gateway, it must distinguish between
IPsec traffic addressed to it and IPsec (or non-IPsec) traffic
addressed to hosts behind it, and thus potentially bypassed. So, in
that context, it is necessary to pay attention to the destination
address!
Steve
More information about the Mobike
mailing list