|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: IPSec and ESP (Tunnel Mode)Ranga, > The iSCSI specification requires targets (and initiators) > to support IPSec, with the following specific requirements > * MUST implement IPsec with ESP in tunnel mode. > Isnt the tunnel mode typically used by intermediate stations such > as firewall/vpn/router boxes? > Why should this be a MUST for targets which act as end stations? This was controversial at the time. A significant portion of the WG wanted to be able to meet the IPsec requirement via an external IPsec gateway that would necessarily operate in tunnel mode. Note that for this approach, the only interface that fully complies with the requirements of the (coming soon) iSCSI RFC is on the public side of the IPsec gateway - the internal interface between iSCSI and the private side of the gateway does not comply due to the absence of IPsec. In addition, all IPsec implementations, including end stations, are required to implement tunnel mode (e.g., so that they can talk to intermediate stations). Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david@emc.com Mobile: +1 (978) 394-7754 ----------------------------------------------------
Home Last updated: Wed Apr 23 14:19:49 2003 12541 messages in chronological order |