tech-net archive


Re: IPsec vs ssh

On Nov 15,  7:42am, Thor Lancelot Simon wrote:
} On Fri, Nov 15, 2013 at 12:00:07AM -0800, John Nemeth wrote:
} > } > 
} > } >     A tunnel is basically encapsulation of any sort.  So, when you
} > } 
} > } Wrong, wrong, wrong.  IPsec has separate tunnel and transport modes.
} > 
} >      If you had been following the thread, and seen the configuration
} > examples you would have seen that he was using IPSec in tunnel
} > mode.  Transport mode, of course, doesn't encapsulate the packet;
} > it simply adds an ESP header (and encrypts the data portion) or an
} > AH header.  Regardless of this, the statement that, "A tunnel is
} > basically encapsulation of any sort," stands on its own, and is
} > correct.  NOT WRONG!!!
} I'm sorry you're upset, but what you said was still incorrect, and
} shouting about it strikes me as vaguely like spitting at the sky because
} it's raining.
} IPsec transport-mode encapsulation is not "a tunnel" by any reasonable
} definition of "a tunnel" I can think of.  Neither is the encapsulation

     The only person talking about IPSec transport mode is you.
As I said, transport mode does not encapsulate the packet (at least
not in the sense that you take an entire intact packet and stuff
it inside a new packet as the data portion), thus obviously, it is
not a tunnel.

}-- End of excerpt from Thor Lancelot Simon
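
The distinction argued over in this thread, as an added example that is not part of the original messages: the same inner packet is wrapped once in tunnel mode and once in transport mode, then classified from the wire. It uses AH rather than ESP because AH's Next Header field is sent in the clear, while ESP carries it in the encrypted trailer. The addresses (documentation ranges), SPI and zeroed ICV are constructed values, and only IPv4 is handled.

```python
import socket
import struct

AH, IPIP, UDP = 51, 4, 17  # IANA protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header + payload (checksum left 0 in this layout demo)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def ah(next_header, spi=0x1000, seq=1):
    """24-byte AH header; the 12-byte ICV is zeroed here, not a real MAC."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12)

def transport_mode(pkt):
    """Keep the original addresses; slip AH between the IP header and the payload."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, AH, ah(pkt[9]) + pkt[ihl:])

def tunnel_mode(pkt, gw_src, gw_dst):
    """Put the entire intact packet inside a new packet as the data portion."""
    return ipv4(gw_src, gw_dst, AH, ah(IPIP) + pkt)

def classify(pkt):
    """Return 'tunnel', 'transport' or 'not AH' from the AH Next Header field."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != AH:
        return "not AH"
    return "tunnel" if pkt[ihl] == IPIP else "transport"

def inner_packet(pkt):
    """For tunnel mode, return what follows the outer IP header and AH."""
    ihl = (pkt[0] & 0x0F) * 4
    ah_len = (pkt[ihl + 1] + 2) * 4  # AH Payload Len is in 32-bit words minus 2
    return pkt[ihl + ah_len:]

# Constructed sample: a UDP datagram between two documentation addresses.
udp = struct.pack("!HHHH", 5000, 53, 8 + 4, 0) + b"test"
original = ipv4("192.0.2.10", "198.51.100.20", UDP, udp)
tunneled = tunnel_mode(original, "203.0.113.1", "203.0.113.2")
transported = transport_mode(original)

if __name__ == "__main__":
    print(classify(tunneled), len(tunneled) - len(original))
    print(classify(transported), len(transported) - len(original))
```

In tunnel mode the original packet comes back byte for byte from inside the outer one; in transport mode only its payload survives behind a modified copy of its own header.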
