Re: IPSEC target and transport mode

Excerpt of message (sent 27 March 2002) by Bill Studenmund:

> As I understand tunnel mode, you have an IPsec security gateway in the
> topology. Among other things, that means we won't readily have end-to-end
> security, since you have security from the gateway to the device, not
> necessarily the initiator to the device.
>
> How do you suggest we achieve end-to-end security without transport mode a
> MUST?
>
> Specifically the topology I have in mind is I make a dedicated IP SAN, and
> want ESP from the file servers to the storage boxes. They are all on the
> same (GigE) subnet. How do I get this level of security (end-to-end) with
> just tunnel mode?

Tunnel mode enables the use of (separate) security gateways. It does NOT require them.

It is perfectly reasonable to do end to end security with tunnel mode. To do so, you terminate the tunnels at the storage nodes.

Some users will require end to end security, others will prefer site to site security. Tunnel mode is the common mechanism that supports both needs.

paul
Last updated: Wed Apr 03 12:18:23 2002