Subject: Re: IPSec and Compression
To: Matt Thomas <matt@3am-software.com>
From: J. Buck Caldwell <buckaroo@liveround.com>
List: tech-net
Date: 07/28/2003 13:47:50
Matt Thomas wrote:
>
> On Monday, July 28, 2003, at 09:40 AM, J. Buck Caldwell wrote:
>
>> So I've got my IPSec network tunnels up and running nicely, using
>> ESP/Transport. Now I'm interested in adding compression to the mix.
>> Any ideas? None of the stuff I can find on the web seems to talk much
>> about compression, only that it's supposed to be an integral offering
>> to IPSec.
>
> You need to negotiate the use of the IPCOMP protocol.
Yea... I had that figured. I was kinda hoping for a bit more detail. Given:
IPSEC.CONF:
spdadd corpaddr branchaddr any -P out ipsec esp/transport//require;
spdadd branchaddr corpaddr any -P in ipsec esp/transport//require;
Do I just need to add:
spdadd corpaddr branchaddr any -P out ipsec ipcomp/transport//require;
spdadd branchaddr corpaddr any -P in ipsec ipcomp/transport//require;
and the appropriate reversal on the other end? Do I need to specify
these lines before or after the esp lines, or is ordering handled
internally?