[Sis-SCPS-INTEREST] TCP Acceleration of IPSEC Traffic

Feighery,Patrick D. FEIGHERY at mitre.org
Mon Aug 1 10:14:13 EDT 2005


Well, SCPS-based, as well as all TCP PEP devices, need to see the
transport layer header to perform their function.  Therefore you will
need to decrypt each segment before it gets to the PEP and re-encrypt it
once the PEP is done with it.  This unfortunately means the PEP or a set
of boxes immediately bracketing the PEP must be trusted with all of the
keys of the IPSec traffic to be accelerated.

Depending on the nature of your applications/environments the following
may not be feasible, but can you use some type of application layer
encryption to ensure the transport headers are in the clear?


Best Regards

	Pat


>>-----Original Message-----
>>From: sis-scps-interest-bounces at mailman.ccsds.org 
>>[mailto:sis-scps-interest-bounces at mailman.ccsds.org] On 
>>Behalf Of Vanitha
>>Sent: Monday, August 01, 2005 10:30 AM
>>To: 'sis-scps-interest at mailman.ccsds.org'
>>Subject: [Sis-SCPS-INTEREST] TCP Acceleration of IPSEC Traffic
>>
>>Hi,
>>
>>If I need to accelerate the IPSEC traffic over the satellite,
>>what would be
>>the best approach? Should I terminate the IPSEC traffic (i.e.
>>decrypt the data) before I do TCP acceleration?
>>
>>Thanks
>>Vanitha
>>
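
What the reply describes, seen from the PEP's position on the wire, as an added example that is not part of the original thread: with ESP encryption in use only the SPI and ESP sequence number are readable, while a cleartext TCP segment (the application-layer encryption option) exposes the fields a PEP works with. The names pep_view and ipv4, and the sample addresses, ports and SPI, are constructed for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_ESP = 6, 50

def pep_view(packet: bytes) -> dict:
    """Report which header fields an on-path TCP PEP can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP:
        if len(payload) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack = struct.unpack("!HHII", payload[:12])
        # Ports, sequence and ACK numbers are the connection state a PEP operates on.
        return {"proto": "tcp", "accelerable": True,
                "sport": sport, "dport": dport, "seq": seq, "ack": ack}
    if proto == IPPROTO_ESP:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        spi, esp_seq = struct.unpack("!II", payload[:8])
        # With ESP encryption, everything after SPI and sequence number is
        # ciphertext, including the inner TCP header the PEP would need.
        return {"proto": "esp", "accelerable": False, "spi": spi, "esp_seq": esp_seq}
    return {"proto": proto, "accelerable": False}

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

# Constructed sample 1: cleartext TCP segment carrying application-layer-encrypted data.
TCP_PKT = ipv4(IPPROTO_TCP, struct.pack("!HHIIBBHHH", 40000, 443, 1000, 2000,
                                        5 << 4, 0x18, 65535, 0, 0) + b"\x17\x03\x03")
# Constructed sample 2: ESP packet; bytes after SPI/sequence stand in for ciphertext.
ESP_PKT = ipv4(IPPROTO_ESP, struct.pack("!II", 0x1001, 7) + bytes(range(40)))

if __name__ == "__main__":
    for name, pkt in (("tcp", TCP_PKT), ("esp", ESP_PKT)):
        print(name, pep_view(pkt))
```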



