Girish Moodalbail wrote:
> Darren Reed wrote:
>
>> Interesting, the use of ipsecconf to manage TCP MD5.
>>
>> Can I specify that my application will use TCP MD5
>> over an IPsec tunnel, all in the same .conf file?
>>
>
> Well not in the same .conf file. When you have defined a much
> more secure IPsec policy between the two end points then having
> TCP MD5 protection between the same two end points is redundant
> and is quite an odd configuration. The IPsec policy overrides the
> TCP MD5 policy as it is more secure.
>
> RFC 2385 was defined to provide protection to BGP traffic using
> TCP MD5. But if you are using IPsec between the end points then
> TCP MD5 will be irrelevant and is not required.
>
> However, you could combine transport mode TCP MD5 and a
> tunnel-mode IPsec. An IPsec policy (ESP and/or AH) will be attached
> to the tunnel and TCP MD5 is applied to the packets near End-host. But
> I don't know why one would do that?

I just wanted to understand what the limitations were on the two
as a result of being configured by the same policy engine.

Darren
_______________________________________________
networking-discuss mailing list
[email protected]
