IPv6, IPSEC and deep packet inspection
nils.ketelsen at kuehne-nagel.com
Tue Jan 4 14:44:01 UTC 2005
On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote:
> Since IPSEC is an integral part of IPv6 won't this have an affect on the
> deep packet inspection firewalls? Is this type of inspection expected to
> work in IPv6?
Well it will work as good as the Virus-Scanning on Firewalls,
when you use a SSL website.
> Perhaps using some kind of NAP the firewall is allowed to speak on behalf
> of the host(s) it firewalls, so that to the client it appears to be the
> firewall itself appears to be the IPSEC endpoint?
If the IPSEC implementation allows that it
is seriously broken. You are proposing the firewall to run a man
in the middle attack.
More information about the NANOG