IPv6, IPSEC and deep packet inspection
Nils Ketelsen
nils.ketelsen at kuehne-nagel.com
Tue Jan 4 14:44:01 UTC 2005
On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote:
> Since IPSEC is an integral part of IPv6 won't this have an effect on the
> deep packet inspection firewalls? Is this type of inspection expected to
> work in IPv6?
Well, it will work as well as the Virus-Scanning on Firewalls
when you use an SSL website.
> Perhaps using some kind of NAP the firewall is allowed to speak on behalf
> of the host(s) it firewalls, so that to the client the firewall itself
> appears to be the IPSEC endpoint?
If the IPSEC implementation allows that, it is seriously broken.
You are proposing that the firewall run a man-in-the-middle attack.
Nils
More information about the NANOG mailing list