
Re: CIDR, ipsec flows and routing




>	Am I trying to do something really stupid?
>	Is this a bug or am I misunderstanding how things should work?
>	Should I just give up on this idea, and try another approach?
>	Is there a way I could make this work?

You are misunderstanding how things should work. The routing and IPsec
decisions do not happen at the same level; IPsec occurs first. Thus, if you
have overlapping rules between routing and IPsec, IPsec always "wins".
-Angelos
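
A simplified model of the ordering described in the reply above, added here as an illustration and not part of the original message or of any IPsec implementation. The flow and route tables, the addresses, and the function names are all constructed assumptions; flows are matched on source and destination network only.

```python
import ipaddress as ip

# Constructed sample configuration (hypothetical addresses, not from the thread).
FLOWS = [  # (source net, destination net, tunnel peer)
    ("192.168.1.0/24", "10.0.0.0/8", "203.0.113.1"),
]
ROUTES = [  # (destination net, next hop)
    ("0.0.0.0/0", "192.168.1.254"),
    ("10.1.2.0/24", "192.168.1.10"),   # more specific than the flow above
    ("172.16.0.0/12", "192.168.1.20"),
]

def match_flow(src, dst, flows=FLOWS):
    """Return the tunnel peer of the first flow covering src -> dst, else None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for fsrc, fdst, peer in flows:
        if s in ip.ip_network(fsrc) and d in ip.ip_network(fdst):
            return peer
    return None

def match_route(dst, routes=ROUTES):
    """Ordinary longest-prefix match over the routing table."""
    d = ip.ip_address(dst)
    hits = [(ip.ip_network(n), gw) for n, gw in routes if d in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def decide(src, dst):
    """IPsec flow lookup first; the routing table is consulted only on a miss."""
    peer = match_flow(src, dst)
    if peer is not None:
        return ("ipsec", peer)
    gw = match_route(dst)
    return ("route", gw) if gw else ("unreachable", None)

def shadowed_routes(flows=FLOWS, routes=ROUTES):
    """Routes lying wholly inside a flow's destination net: for traffic from
    that flow's source net they never take effect, however specific they are."""
    out = []
    for rnet, _gw in routes:
        for _fsrc, fdst, _peer in flows:
            if ip.ip_network(rnet).subnet_of(ip.ip_network(fdst)):
                out.append((rnet, fdst))
    return out

if __name__ == "__main__":
    print(decide("192.168.1.5", "10.1.2.5"))  # flow wins over the /24 route
    print(shadowed_routes())
```

Running `shadowed_routes()` over a real flow and route list is a quick audit for routes that silently have no effect on traffic covered by a flow.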