This is the third instance of confusion of NAT-PT & 6to4 I have come across
in the last two weeks. 6to4 is not a 'translating router'. It simply
allocates IPv6 addresses based on its IPv4 address, then encapsulates IPv6
packets in IPv4 for transiting the IPv4 network. Any IPsec should be
end-to-end as IPv6 packets, and the 6to4 router should be unaware.

Tony

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Richard Draves
Sent: Thursday, May 17, 2001 10:06 AM
To: Dollinger, MatthewX; Ipng Posts (E-mail)
Subject: RE: IPSec in a v6tov4 environment...

Why not just use end-to-end IPsec over IPv6? I do not see what
difficulty 6to4 introduces.

Rich

> -----Original Message-----
> From: Dollinger, MatthewX [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 17, 2001 10:00 AM
> To: Ipng Posts (E-mail)
> Subject: IPSec in a v6tov4 environment...
>
>
> There is a debate going around our lab about whether or
> not it is possible to secure a 6to4 network.
>
> The argument in favor is as follows:
>   Secure the IPv4 side with standard IPSec. Have
>   a secure connection (still IPv4) with the 6to4 translating router.
>   Secure the IPv6 side with IPv6 IPsec. Have a
>   secure (IPv6) connection to the 6to4 translating router.
>     The theory is that the 6to4 router will un-encrypt
>     the IPv4 data, and re-encrypt it when sending to the IPv6 network.
>
> Another theory is that the IPv6 IPSec and the IPv4
> IPSec will be able to establish a security association with
> each other, as long as the key (pre-shared secret) and the
> encryption settings are the same.
>
> I have had a heck of a time finding any detailed information
> on this and would greatly appreciate any feedback I can get.
>
> Thanks!
>
> "You know, sometimes it is the artist's task to find out how
> much music you can still make with what you have left."
> --- Itzhak Perlman (Nov. 18, 1995)
> Matthew Dollinger
> IPSec/NQL Lab
>
>
>
> --------------------------------------------------------------------
> IETF IPng Working Group Mailing List
> IPng Home Page:                      http://playground.sun.com/ipng
> FTP archive:                      ftp://playground.sun.com/pub/ipng
> Direct all administrative requests to [EMAIL PROTECTED]
> --------------------------------------------------------------------
>
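The mechanism the two replies describe, as an added example that is not code from any of the posters: a 6to4 router derives a 2002::/48 prefix from its IPv4 address and carries each IPv6 packet unmodified inside IPv4 protocol 41, so an ESP payload passes through byte for byte. The addresses (documentation ranges), SPI and ciphertext used with it are constructed sample values.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41   # IPv4 protocol number for encapsulated IPv6
NEXT_HEADER_ESP = 50      # IPv6 next-header value for IPsec ESP


def sixto4_prefix(v4: str) -> ipaddress.IPv6Network:
    """2002:V4ADDR::/48, the prefix a 6to4 router derives from its IPv4 address."""
    v4_int = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4_int << 80), 48))


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_v6: bytes, src_v4: str, dst_v4: str) -> bytes:
    """Prepend a 20-byte IPv4 header; the IPv6 packet is carried untouched."""
    def hdr(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner_v6), 0, 0,
                           64, PROTO_IPV6_IN_IPV4, csum,
                           ipaddress.IPv4Address(src_v4).packed,
                           ipaddress.IPv4Address(dst_v4).packed)
    return hdr(ipv4_checksum(hdr(0))) + inner_v6


def decapsulate(outer_v4: bytes) -> bytes:
    """Strip the IPv4 header at the far 6to4 router and return the IPv6 packet."""
    if outer_v4[0] >> 4 != 4 or outer_v4[9] != PROTO_IPV6_IN_IPV4:
        raise ValueError("not an IPv6-in-IPv4 packet")
    return outer_v4[(outer_v4[0] & 0x0F) * 4:]


def esp_packet(src6: str, dst6: str, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """IPv6 header followed by ESP: SPI, sequence number, opaque ciphertext."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    v6 = struct.pack("!IHBB", 6 << 28, len(esp), NEXT_HEADER_ESP, 64)
    return (v6 + ipaddress.IPv6Address(src6).packed
            + ipaddress.IPv6Address(dst6).packed + esp)
```

The router only reads the outer IPv4 header and the protocol number; the security association, keys and sequence numbers live entirely between the two IPv6 endpoints.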