Solaris Trusted Extensions Administrator's Procedures

Labels and Accreditation in Tunnel Mode IPsec

When application data packets are protected by IPsec in tunnel mode, the packets contain multiple IP headers.

[Figure: tunnel-mode data packet layout: outer IP header | ESP or AH | inner IP header | TCP header | data]

The IKE protocol's IP header contains the same source and destination address pair as the application data packet's outer IP header.

[Figure: IKE packet layout: outer IP header | UDP header | IKE key management protocol]

Trusted Extensions uses the addresses in the inner IP header for the inner label accreditation checks, and the addresses in the outer IP header for the wire and key management label checks. For information about the accreditation checks, see Trusted Extensions Accreditation Checks.
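The following is an added example, not part of this document or of Trusted Extensions itself: it builds a constructed AH tunnel-mode packet and a constructed IKE packet, then pulls out the outer address pair (used by the wire and key management checks) and the inner address pair (used by the inner label accreditation check). It assumes standard IPv4, AH and UDP header layouts and the usual IKE ports 500 and 4500; AH is used for the sample because its payload is not encrypted, so the inner header can be read without a decryption step.

```python
import socket
import struct

AH, ESP, UDP = 51, 50, 17          # IP protocol numbers
IKE_PORTS = {500, 4500}            # IKE and IKE over NAT-T (assumed standard ports)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; constructed test data, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(buf):
    """Return (src, dst, protocol, header_length) for the IPv4 header at buf[0]."""
    ihl = (buf[0] & 0x0F) * 4
    return socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]), buf[9], ihl

def address_pairs(packet):
    """Map a packet to the address pairs each Trusted Extensions check examines.

    'outer' feeds the wire and key-management label checks; 'inner' feeds the
    inner label accreditation check. The inner header is only readable here
    because the sample uses AH, whose payload is in the clear; an ESP packet
    must be decrypted before its inner header can be examined.
    """
    osrc, odst, proto, off = parse_ipv4(packet)
    result = {"outer": (osrc, odst), "inner": None, "kind": "other"}
    if proto == AH:
        # AH: next header, payload length (32-bit words minus 2), reserved, SPI, seq, ICV
        next_hdr, pay_len = packet[off], packet[off + 1]
        off += (pay_len + 2) * 4
        if next_hdr == 4:            # 4 = IPv4 encapsulated, i.e. tunnel mode
            isrc, idst, _, _ = parse_ipv4(packet[off:])
            result.update(inner=(isrc, idst), kind="ah-tunnel")
    elif proto == ESP:
        result["kind"] = "esp"       # inner header is encrypted; outer pair only
    elif proto == UDP:
        dport = struct.unpack("!H", packet[off + 2:off + 4])[0]
        if dport in IKE_PORTS:
            result["kind"] = "ike"   # key management traffic: outer pair only
    return result

def sample_ah_tunnel_packet():
    """Constructed AH tunnel-mode packet: outer IP | AH | inner IP | TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    inner = ipv4_header("10.1.1.5", "10.2.2.7", 6, len(tcp)) + tcp
    ah = struct.pack("!BBHII", 4, 4, 0, 0x1000, 1) + bytes(12)   # 12-byte ICV placeholder
    return ipv4_header("192.0.2.1", "198.51.100.2", AH, len(ah) + len(inner)) + ah + inner

def sample_ike_packet():
    """Constructed IKE packet: outer IP | UDP to port 500 | (empty IKE payload)."""
    udp = struct.pack("!HHHH", 500, 500, 8, 0)
    return ipv4_header("192.0.2.1", "198.51.100.2", UDP, len(udp)) + udp
```

Both sample packets share the same outer address pair, which matches the document's point that the IKE packet and the data packet's outer header carry the same source and destination.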