nanog mailing list archives

Re: IPv6, IPSEC and deep packet inspection


From: Nils Ketelsen <nils.ketelsen () kuehne-nagel com>
Date: Tue, 4 Jan 2005 09:44:01 -0500


On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote:

Since IPSEC is an integral part of IPv6 won't this have an effect on the 
deep packet inspection firewalls? Is this type of inspection expected to 
work in IPv6?

Well, it will work as well as the Virus-Scanning on Firewalls
when you use an SSL website.

Perhaps using some kind of NAP the firewall is allowed to speak on behalf 
of the host(s) it firewalls, so that to the client the firewall itself 
appears to be the IPSEC endpoint?

If the IPSEC implementation allows that, it is seriously broken.
You are proposing that the firewall run a man-in-the-middle attack.


Nils

