
    RE: IPSec and ESP (Tunnel Mode)



    Ranga,
    
    > The iSCSI specification requires targets (and initiators)
    > to support IPSec, with the following specific requirements 
    >         * MUST implement IPsec with ESP in tunnel mode. 
    > Isn't the tunnel mode typically used by intermediate stations such
    > as firewall/vpn/router boxes? 
    > Why should this be a MUST for targets which act as end stations?
    
    This was controversial at the time.  A significant portion of the
    WG wanted to be able to meet the IPsec requirement via an external
    IPsec gateway that would necessarily operate in tunnel mode.  Note
    that for this approach, the only interface that fully complies with
    the requirements of the (coming soon) iSCSI RFC is on the public side
    of the IPsec gateway - the internal interface between iSCSI and the
    private side of the gateway does not comply due to the absence of
    IPsec.  In addition, all IPsec implementations, including end
    stations, are required to implement tunnel mode (e.g., so that
    they can talk to intermediate stations).
    
    Thanks,
    --David
    ----------------------------------------------------
    David L. Black, Senior Technologist
    EMC Corporation, 176 South St., Hopkinton, MA  01748
    +1 (508) 293-7953             FAX: +1 (508) 293-7786
    black_david@emc.com        Mobile: +1 (978) 394-7754
    ----------------------------------------------------
    



Last updated: Wed Apr 23 14:19:49 2003