SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    iSCSI - IPSEC target and transport mode


    • To: ips@ece.cmu.edu
    • Subject: iSCSI - IPSEC target and transport mode
    • From: Pierre Labat <pierre_labat@hp.com>
    • Date: Tue, 26 Mar 2002 15:33:43 -0800
    • Content-Type: multipart/alternative;boundary="------------9A44B409A733EEC983810100"
    • Organization: Hewlett Packard iSCSI-SISL
    • Sender: owner-ips@ece.cmu.edu

    Hello,

    Based on what has been decided in Minneapolis could you confirm
    that the following 4 points till hold true for iSCSI.

    (1)
    RFC2401 Chapter 4.1 page 10 "a host must support both tunnel mode
    and transport mode".

    (2)
    A target that "consumes" the IP destination address (inner in the case
    of a tunnel)  MUST support the transport mode because of (1)
    In this case the target is defined as a "host" in IPSEC terminology.
    "consume" means rip off the IP header, don't forward the IP datagram.

    (3)
    As a consequence of (1) and (2):
    An initiator (an IPSEC host) that talks with a target that "consumes"
    its IP address (inner if tunnel) is guaranteed that it can use
    the transport mode.
    Because the target has to support it based on (2).

    (4)
    When tunnel mode to a target is used where destination address (inner)
    is the same as the outer address,
    that means the target is not an IPSEC gateway but
    an IPSEC host, and transport mode could be used instead of transport
    mode for this SA.
     

    Regards,

    Pierre
     
     
     



Home

Last updated: Mon Jun 10 16:18:44 2002
10639 messages in chronological order