Solved: IPSEC encrypting an encrypted packet

rutledgek · ‎06-17-2004

Will IPSec encrypt a packet that is already encrypted? Does IPsec care whether the packet is encrypted already or does it just run the encryption on pack and decrypt it without caring if its encrypted already?

ehirsel · ‎06-17-2004

IPSec won't care if the packet is encrypted already. A case is ipsec-in-ipsec tunneling, where you would tunnel a ipsec session from your pc to a server over a lan-to-lan (or site-to-site) ipsec session.

The only thing that IPSec will rely on when deciding to protect/encrypt a packet is if the source and dest match an interesting access-list. So if the crypto acl says to permit ip net1 to net2 the ipsec protection will occur, even if a prior router applied ipsec between host1 on net1 and host2 on net2.

View solution in original post

ehirsel · ‎06-17-2004

IPSec won't care if the packet is encrypted already. A case is ipsec-in-ipsec tunneling, where you would tunnel a ipsec session from your pc to a server over a lan-to-lan (or site-to-site) ipsec session.

The only thing that IPSec will rely on when deciding to protect/encrypt a packet is if the source and dest match an interesting access-list. So if the crypto acl says to permit ip net1 to net2 the ipsec protection will occur, even if a prior router applied ipsec between host1 on net1 and host2 on net2.

rutledgek · ‎06-18-2004

Thanks for the reply. You confirmed what I suspected, that IPSec didn't care as long as it was interesting trafffic.