RE: Edited Minutes of the 1/29/02 IPS Security Conference call

Answering a private question to the list due to general interest:

> When would an initiator's IPsec implementation be
> an IPsec gateway one (or is there a scenario where
> an initiator would be acting as an IPsec gateway?)

When it functions as a security gateway as defined by RFC 2401. The IP Storage specifications would not set down any rules for determining this - there would be a reference to RFC 2401 and implementers would make their own determinations.

In general, if there's a private network link (physical or virtual) over which packets are forwarded between the IPsec implementation and the IP Storage implementation (e.g., iSCSI Initiator), then the IPsec implementation is most probably a security gateway. This need not always be the case (e.g., in the presence of sufficient architectural "cleverness"), and there are other situations in which the IPsec implementation may be a security gateway even in the absence of such a private link. Also, please note that Transport mode is not forbidden for security gateways, it is just not required.

To understand this topic, there is really no substitute for the relevant portions of RFC 2401 - I would recommend that anyone who is interested in this topic read RFC 2401 from its beginning through at least the end of Section 4.3.

Thanks,
--David

---------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 42 South St., Hopkinton, MA 01748
+1 (508) 249-6449 *NEW*  FAX: +1 (508) 497-8500
black_david@emc.com      Cell: +1 (978) 394-7754
---------------------------------------------------
Last updated: Fri Feb 01 13:17:55 2002