[strongSwan] IPSEC Processing on a Security Gateway
Bharat S
bharat.sarvan at yahoo.com
Sat Jan 8 06:18:24 CET 2011
Hi all,
I have a question regarding IPSec processing on a Security Gateway (SEG).
Consider a network as below.
Host A ---------- Gateway 1 ---------- Gateway 2 ---------- Host B
Suppose the IPSec tunnel is required to be initiated from Host A to Host B. I
was wondering how the IPSec packets will be
processed en route to Host B. Let's say it's ESP in tunnel mode. The packet from
Host A to Gateway 1 would appear as below
New IP | ESP | Orig IP | UDP
My question is, when this packet is received on Gateway 1, will the ESP header
of this packet be decrypted to form another ESP
and the resulting packet going out would appear like
New IP | ESP | Orig IP | UDP
OR
is the entire IP packet received given as input to form another ESP
packet, so that the resulting packet going out would appear like
New IP | ESP | IP | ESP | Orig IP | UDP
|<-----------hashed---------> |
I hope you have got my question. Please correct me if I am wrong at any place.
And I would appreciate it if you could guide me to some
specification that explains the IPSec processing on gateways.
Many Thanks,
Bharat