ICMP Processing

ICMP messages are critical to operation of the network. There are different types of ICMP messages. Some of the messages are errors and some are queries used to check the status of the network. The ICMP query messages are end to end and the IPSec processing afforded to these packets is the same as any other IP packets using normal SA processing. The ICMP error messages generated by the end hosts can also be treated as normal IP packets with respect to IPSec processing by performing the selector checks.

However, ICMP error messages generated by the routers need to be handled differently, particularly if a router is tunneling the ICMP packet generated by other routers. The routers at the tunnel origination and destination would have established a tunnel mode SA for their communication. This SA is used to forward ICMP error messages. However, the source address of the inner header will not be the tunnel origination address and the source address check at the destination will fail. The tunnel destination node has to be configured to ignore source address checks for ICMP error packets.

A deployment issue with IPSec is the decision whether to accept non-IPSec ICMP error packets or not. Many routers will not be IPSec-capable for some time to come and if the end host or routers were to drop these packets, it is detrimental to the operation of the network. However, not performing IPSec exposes the nodes to denial of service attacks. Unfortunately, there is no easy answer to this question. It is a matter of policy configuration and one could turn on IPSec processing even for ICMP error packets for offending nodes.

Top Previous page Table of content Next page IPSec (2nd Edition) ISBN: 013046189X EAN: 2147483647 Year: 2004 Pages: 76 Authors: Naganand Doraswamy, Dan Harkins BUY ON AMAZON Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems) Configuring, Manipulating, and Reusing ORM Models Mapping ORM Models to Logical Database Models Generating a Physical Database Schema Editing Logical Models”Intermediate Aspects Logical Database Model Reports ADO.NET 3.5 Cookbook (Cookbooks (OReilly)) Storing Connection Strings Getting Typed DataRows from DataViews Exporting the Results of a Query as a String Maintaining Database Integrity Reading and Writing Binary Data with Oracle Excel Scientific and Engineering Cookbook (Cookbooks (OReilly)) Entering Formulas Removing Weird Characters from Imported Text Rounding and Truncating Numbers Building Support for Vectors Figuring Out Required Rate of Return Postfix: The Definitive Guide Email Topics Message Store Formats Command-Based Filtering Appendix B. Postfix Commands C.5. Compiling Add-on Packages Cisco CallManager Fundamentals (2nd Edition) Call Routing Route Patterns and Route Filters Manageability Tools Troubleshooting CDR Data Generation and Storage QSIG Microsoft WSH and VBScript Programming for the Absolute Beginner Getting Started with the WSH and VBScript Constants, Variables, and Arrays Using Procedures to Organize Scripts Combining Different Scripting Languages Appendix C Whats on the CD-ROM? flylib.com © 2008-2017. If you may any questions please contact us: flylib@qtcs.net Privacy policy This website uses cookies. Click here to find out more. Accept cookies