
List:       ipsec-tools-devel
Subject:    Re: [Ipsec-tools-devel] tunnel is not forming when source and dest network is same.
From:       Rainer Weikusat <rweikusat () mobileactivedefense ! com>
Date:       2015-07-08 14:41:06
Message-ID: 877fqayanx.fsf () doppelsaurus ! mobileactivedefense ! com

Ramgopal goud <bgoudksrm@gmail.com> writes:

> Hi, can anyone help me in resolving the below issue?
>
>      I am adding a rule as shown below (Using RACOON, IKEv1).
>
> IPSec Rule          : test1-1
> Owner               : /CLA-0
> *Source address      : 1.1.1.0/24*
> *Destination address : 1.1.1.0/24*
> Protocol            : 0
> Action              : esp
> VPN                 : test1-1
> Source port         : 0
> Destination port    : 0
> Direction           : both
> VRF instance        : default
>
> In the above rule, source and destination are the same: 1.1.1.0/24.

This cannot possibly work: Whether or not (and how) 'IPsec' is supposed
to be applied to some datagram is determined by searching the SPD
(security policy database) for a matching rule using source and
destination address for lookup. There are different kinds of rules
requesting different manipulations, eg, an 'in' rule instructs the IPsec
layer to decrypt and de-encapsulate in order to recover an original
datagram (in tunnel mode) while an 'out' rule requests encapsulation and
encryption in order to turn an original datagram into an IPsec message
for actual transmission. If source and destination are identical, both
in and out rules will match --- so what to do with the datagram now?

If you really want to use IPsec between hosts on the same IPv4 network,
you'll have to use the respective source and destination host addresses.
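
Added example, not part of the original message or of ipsec-tools: a small Python model of the address-only SPD lookup described in the reply, run against the rule from the question and against a host-address variant. The expansion of "Direction: both" into a mirrored out/in pair, the function names, and the hosts 1.1.1.10 and 1.1.1.20 are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations
from typing import NamedTuple

class Policy(NamedTuple):
    direction: str                  # "in" or "out"
    src: ipaddress.IPv4Network      # source selector
    dst: ipaddress.IPv4Network      # destination selector

def both_directions(src: str, dst: str) -> list:
    """Assumption: a 'Direction: both' rule becomes an out policy plus
    the mirrored in policy, seen from the host that owns `src`."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return [Policy("out", s, d), Policy("in", d, s)]

def matching_directions(spd: list, pkt_src: str, pkt_dst: str) -> list:
    """Address-only lookup: directions of every policy matching the datagram."""
    s, d = ipaddress.ip_address(pkt_src), ipaddress.ip_address(pkt_dst)
    return sorted({p.direction for p in spd if s in p.src and d in p.dst})

def conflicting_pairs(spd: list) -> list:
    """Static check: in/out policies whose selectors overlap on both
    source and destination, so some datagram matches both of them."""
    return [(a, b) for a, b in combinations(spd, 2)
            if a.direction != b.direction
            and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)]

# Rule from the question: source and destination are both 1.1.1.0/24.
SUBNET_SPD = both_directions("1.1.1.0/24", "1.1.1.0/24")
# Host-address form; 1.1.1.10 and 1.1.1.20 are constructed sample hosts.
HOST_SPD = both_directions("1.1.1.10/32", "1.1.1.20/32")

if __name__ == "__main__":
    for name, spd in (("subnet", SUBNET_SPD), ("host", HOST_SPD)):
        print(name,
              "A->B:", matching_directions(spd, "1.1.1.10", "1.1.1.20"),
              "B->A:", matching_directions(spd, "1.1.1.20", "1.1.1.10"),
              "conflicts:", len(conflicting_pairs(spd)))
```
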
