----- Original Message -----
From: "Lars Eggert" <[EMAIL PROTECTED]>
To: "Dennis Pedersen" <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 11:23 PM
Subject: Re: IPsec tunnel mode

> Dennis Pedersen wrote:
> > Because on the [EMAIL PROTECTED] Lars Eggert said something about
> > transport mode, not tunnel mode. This confused me a bit because isnt
> > transport between 2 hosts only
> I said a possibility would be to use IPsec transport mode OVER AN IPIP
> TUNNEL, which is not he same as using transport mode alone (which is
> restricted to host pairs). On the wire, packets generated by either
> approach look identical.

My bad, i think i got the big picture now where you are going with the IPIP
and transport mode..

> > I have also read the
> > ftp://ftp.ietf.org/internet-drafts/draft-touch-ipsec-vpn-03.txt a couple
> > times, but i still cant seem to figure how the transport mode fits into
> > this?
> Forget about security for a moment. Set up a virtual topology using IPIP
> tunnels, and make sure it works. *Then* turn on transport-mode IKE over
> the IPIP tunnels to secure it.

But uhm is there a 'simple' way of doing this? (as in just adding the IP of
the other ends gif interface as destinatio in my routes?
The setup today i an exact copy of (other IP's of course)
This works just fine besides til problem with my routes, arcording to the
draft IPIP is the solution. My Question is now how do i set up with an IPIP
On http://rr.sans.org/firewall/IPSec_VPN.php there is an example, from my
point of view it looks kind of complicated. Can it be made any simpler?
If this is the way to do it,  can i run mutible natd on both my external
interface and the virtual gif interface (the howto creates the gif tunnel
and diverts all trafic into this tunnel with natd on both ends) and how?
(because i can't really se how the ipfw add divert natd can tell the
difference between te 2 sessions of natd)


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Reply via email to