Return-Path: <owner-ips@ece.cmu.edu>
X-Sieve: cmu-sieve 2.0
Return-Path: <owner-ips@ece.cmu.edu>
Received: (from majordom@localhost)
	by ece.cmu.edu (8.11.0/8.10.2) id h3LK94r23105
	for ips-outgoing; Mon, 21 Apr 2003 16:09:04 -0400 (EDT)
X-Authentication-Warning: ece.cmu.edu: majordom set sender to owner-ips@ece.cmu.edu using -f
Received: from mx01.netapp.com (mx01.netapp.com [198.95.226.53])
	by ece.cmu.edu (8.11.0/8.10.2) with ESMTP id h3LJF0319229
	for <ips@ece.cmu.edu>; Mon, 21 Apr 2003 15:15:00 -0400 (EDT)
Received: from frejya.corp.netapp.com (frejya [10.10.20.91])
	by mx01.netapp.com (8.12.9/8.12.9/NTAP-1.4) with ESMTP id h3LJErFB027566
	for <ips@ece.cmu.edu>; Mon, 21 Apr 2003 12:14:53 -0700 (PDT)
Received: from svlexc02.hq.netapp.com (svlexc02.corp.netapp.com [10.10.22.188])
	by frejya.corp.netapp.com (8.12.9/8.12.9/NTAP-1.4) with ESMTP id h3LJEqAb007306
	for <ips@ece.cmu.edu>; Mon, 21 Apr 2003 12:14:53 -0700 (PDT)
Received: from rtpexc01.hq.netapp.com ([10.60.4.46]) by svlexc02.hq.netapp.com with Microsoft SMTPSVC(5.0.2195.5329);
	 Mon, 21 Apr 2003 12:14:52 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3083A.484BD35F"
Subject: IPSec and ESP (Tunnel Mode)
Date: Mon, 21 Apr 2003 15:14:51 -0400
Message-ID: <B80BB115B1994D4BABC1B81FFFA1CAC7017C6DE0@rtpexc01.hq.netapp.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: IPSec and ESP (Tunnel Mode)
Thread-Index: AcMIOkhTN9fPGNOXTQSw1R4ksIbrew==
From: "Sankar, Ranga" <Ranga.Sankar@netapp.com>
To: <ips@ece.cmu.edu>
X-OriginalArrivalTime: 21 Apr 2003 19:14:52.0048 (UTC) FILETIME=[48E33100:01C3083A]
Sender: owner-ips@ece.cmu.edu
Precedence: bulk

This is a multi-part message in MIME format.

------_=_NextPart_001_01C3083A.484BD35F
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


The iSCSI specification requires targets (and initiators)
to support IPSec, with the following specific requirements
	* MUST implement IPsec with ESP in tunnel mode.

Isnt the tunnel mode typically used by intermediate stations such as=20
firewall/vpn/router boxes?

Why should this be a MUST for targets which act as end stations?

-ranga


------_=_NextPart_001_01C3083A.484BD35F
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.6249.1">
<TITLE>IPSec and ESP (Tunnel Mode)</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier New">The iSCSI specification requires =
targets (and initiators)</FONT>

<BR><FONT SIZE=3D2 FACE=3D"Courier New">to support IPSec, with the =
following specific requirements</FONT>

<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <FONT SIZE=3D2 =
FACE=3D"Courier New">* MUST implement IPsec with ESP in tunnel =
mode.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Isnt the tunnel mode typically =
used by</FONT> <FONT SIZE=3D2 FACE=3D"Courier New">intermediate stations =
such as </FONT>

<BR><FONT SIZE=3D2 FACE=3D"Courier New">firewall/vpn/router =
boxes?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Why should this be a MUST for =
targets which act as end stations?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">-ranga</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C3083A.484BD35F--