endpoint
Click on the red underlined text to get to the source
... verification implies
that the packet came from the right IPv4 endpoint, because the SA is
bound to the IPv4 ...
... interface
in the direction of the route towards the tunnel endpoint, similar to
a Strict Reverse Path Forwarding (RPF ...
... SA via which it was received. The successful
verification implies that the packet came from the right endpoint.
The outer IPv4 addresses ...
... the inner IPv6 packet can be verified to have come from the right
tunnel endpoint.
As described in Section 5, using tunnel mode ...
... SPD
entries for protecting all traffic between the two endpoints must be
described. Evaluating against the requirements above, all link-local ...
... SPD entries assume that there are two routers, Router1
and Router2, with tunnel endpoint IPv4 addresses denoted IPV4-TEP1
...
... RFC4555] supports only tunnel
mode, when the IPv4 endpoints of a tunnel are dynamic and the other
constraints ...
... tunnel part. It is still possible for an IPv6
endpoint not attached to the IPsec tunnel to spoof packets.
...
... 2::/48". As the IPsec session between two endpoints does not
have an interface (though an implementation may have a common
...
... IKE_SA_INIT exchange. Once a NAT is detected and both
endpoints support IPsec NAT traversal extensions, UDP ...
... B.3. Tunnel Endpoint Discovery ...
... be obtained somehow. Once the address has been learned, it is
configured as the tunnel endpoint for the configured IPv6-in-IPv4
tunnel ...
... TUNN-AD].
However, simply discovering the tunnel endpoint is not sufficient for
establishing an IKE session ...
... PAD information (see
Section 5.2) also needs to be learned dynamically. Hence, currently,
automatic endpoint discovery provides benefit only if PAD information
is chosen in such a manner that it is not IP-address ...