Re: [IPsec] Can IPSec (RFC 5996) support tunnels with end point being (virtual) CPEs which has a set of workload attached (say Virtual Machines) all having virtual IP addresses?

2017-04-18 Thread Michael Richardson
Tero Kivinen wrote:
linda> Possible to have one IPSec tunnel with multiple VMs end points?
linda> (i.e. 1<-> N tunnel: A tunnel with one CPE on one end and many VMs
linda> on the other end)?
>> A single IPsec (4301) tunnel can service traffic between two subnets.
>> In IKEv2,

Re: [IPsec] Can IPSec (RFC 5996) support tunnels with end point being (virtual) CPEs which has a set of workload attached (say Virtual Machines) all having virtual IP addresses?

2017-04-18 Thread Tero Kivinen
Michael Richardson writes:
> linda> Is the "INTERNAL_IP4_ADDRESS" in RFC5996 intended for establishing
> linda> IPSec tunnel between remote VMs behind NAPT (all VMs have the virtual
> linda> IP address)?
> This is used when transport mode is used through a NAPT.
> It doesn't apply to tunnel mode.