[114709] in North American Network Operators' Group
Re: AH or ESP
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri May 22 13:16:55 2009
Date: Fri, 22 May 2009 13:16:04 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Glen Kent <glen.kent@gmail.com>
Cc: OPS Gurus <nanog@merit.edu>
On Fri, May 22, 2009 at 1:04 PM, Glen Kent <glen.kent@gmail.com> wrote:
> Hi,
>
> It is well known in the community that AH is NAT unfriendly while ESP cannot
> be filtered, and most firewalls would not let such packets pass. I am NOT

'the content of the ESP packet can't be filtered in transit' I think
you mean... right?

> interested in encrypting the data, but I do want origination authentication
> (Integrity Protection). Do folks in such cases use AH or ESP-NULL, given
> that both have some issues?
>
> Thanks,
> Glen
>