|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: IPSEC target and transport mode>I am very interested if some of the OS vendors out there can tell me >what >their plans are. I am hoping not to have to implement IPsec on >OS driver >stacks for my product, in fact I would love to just use the > >implementations that exist on various operating system platforms as >they >exist today. > >Is there anyone who can speak for what Solaris/Windows/Linux/AIX are > >planning on doing in this space. Planning? Almost all operating systems shipped support for IPsec, including both tunnel mode and transport mode, quite a while ago. So if it's software implementations you're interested in, my sense is that most implementations should be quite capable of being configured with a simple IPsec policy to protect iSCSI, iFCP or FCIP. This policy would typically look like: "use IPsec from me to any dest port IPS" on outbound and "require IPsec from any to me, dest port IPS" on inbound. > >I know at one point NT was not fond of tunnel mode, but prefered to > >implement L2TP over Transport Mode for tunneling... To be clear, Windows 2000 and XP support tunnel mode, transport mode as well as IPsec/L2TP tunneling. Transport mode encapsulation works better, for the reasons described in http://www.ietf.org/internet-drafts/draft-touch-ipsec-vpn-03.txt so that this is not really an implementation-specific issue. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Home Last updated: Fri Apr 05 15:18:25 2002 9529 messages in chronological order |