[114718] in North American Network Operators' Group
Re: AH or ESP
daemon@ATHENA.MIT.EDU (Glen Kent)
Fri May 22 19:36:58 2009
In-Reply-To: <75cb24520905221016p18636e18o9eb2834810b792ef@mail.gmail.com>
Date: Sat, 23 May 2009 05:06:43 +0530
From: Glen Kent <glen.kent@gmail.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: OPS Gurus <nanog@merit.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yes, that's what I had meant!
On Fri, May 22, 2009 at 10:46 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
> On Fri, May 22, 2009 at 1:04 PM, Glen Kent <glen.kent@gmail.com> wrote:
> > Hi,
> >
> > It is well known in the community that AH is NAT unfriendly while ESP cannot
> > be filtered, and most firewalls would not let such packets pass. I am NOT
>
> 'the content of the esp packet can't be filtered in transit' I think
> you mean... right?
>
> > interested in encrypting the data, but I do want origination authentication
> > (Integrity Protection). Do folks in such cases use AH or ESP-NULL, given
> > that both have some issues?
> >
> > Thanks,
> > Glen
> >
>