tech-net archive
Re: IPsec vs ssh
On Nov 15, 7:42am, Thor Lancelot Simon wrote:
} On Fri, Nov 15, 2013 at 12:00:07AM -0800, John Nemeth wrote:
} > } >
} > } > A tunnel is basically encapsulation of any sort. So, when you
} > }
} > } Wrong, wrong, wrong. IPsec has separate tunnel and transport modes.
} >
} > If you had been following the thread, and seen the configuration
} > examples you would have seen that he was using IPSec in tunnel
} > mode. Transport mode, of course, doesn't encapsulate the packet;
} > it simply adds an ESP header (and encrypts the data portion) or an
} > AH header. Regardless of this, the statement that, "A tunnel is
} > basically encapsulation of any sort," stands on its own, and is
} > correct. NOT WRONG!!!
}
} I'm sorry you're upset, but what you said was still incorrect, and
} shouting about it strikes me as vaguely like spitting at the sky because
} it's raining.
}
} IPsec transport-mode encapsulation is not "a tunnel" by any reasonable
} definition of "a tunnel" I can think of. Neither is the encapsulation
The only person talking about IPSec transport mode is you.
As I said, transport mode does not encapsulate the packet (at least
not in the sense that you take an entire intact packet and stuff
it inside a new packet as the data portion), thus obviously, it is
not a tunnel.
}-- End of excerpt from Thor Lancelot Simon
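
Added example, not part of the original message: the two ESP packet layouts discussed in this thread, built side by side from one constructed UDP packet so the difference in what ends up inside the ESP payload is visible. It assumes NULL encryption and no ICV to keep the bytes readable; the addresses, SPI values and helper names are all constructed for illustration.

```python
import socket
import struct

ESP, IPIP, UDP = 50, 4, 17  # IP protocol numbers

def checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def esp_null(spi: int, seq: int, data: bytes, next_header: int) -> bytes:
    """ESP with NULL encryption and no ICV (assumption, for readability)."""
    pad_len = -(len(data) + 2) % 4          # align trailer to 4 bytes
    pad = bytes(range(1, pad_len + 1))      # default padding 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + data + pad + bytes([pad_len, next_header])

def transport_mode(pkt: bytes, spi: int, seq: int) -> bytes:
    # Original addresses are kept; only the upper-layer payload goes into ESP.
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return ipv4(src, dst, ESP, esp_null(spi, seq, pkt[20:], pkt[9]))

def tunnel_mode(pkt: bytes, gw_src: str, gw_dst: str, spi: int, seq: int) -> bytes:
    # The entire original packet, header included, becomes the ESP payload.
    return ipv4(gw_src, gw_dst, ESP, esp_null(spi, seq, pkt, IPIP))

def inner(pkt: bytes):
    """Return (next_header, payload) recovered from a NULL-encrypted ESP packet."""
    body = pkt[20 + 8:]                     # skip IP header, SPI and sequence
    pad_len, nxt = body[-2], body[-1]
    return nxt, body[:len(body) - 2 - pad_len]

# Constructed sample: a UDP datagram between two hosts (documentation addresses).
udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
ORIGINAL = ipv4("192.0.2.10", "198.51.100.20", UDP, udp)
TRANSPORT = transport_mode(ORIGINAL, 0x1000, 1)
TUNNEL = tunnel_mode(ORIGINAL, "203.0.113.1", "203.0.113.2", 0x2000, 1)
```

In the transport-mode packet the ESP trailer's next-header field names the upper-layer protocol (17, UDP) and the IP addresses are unchanged; in the tunnel-mode packet it is 4 (IP-in-IP) and the payload is the complete original packet behind a new outer header.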