Cisco's implementation of RFC 2406: IP Encapsulating Security Payload (ESP)

Discussion in 'Cisco' started by philbo30, Dec 19, 2007.

  1. philbo30

    philbo30 Guest

    Page 14 of RFC 2406 states:

    If the ICV validation fails, the receiver MUST discard the received IP
    datagram as invalid; this is an auditable event. The audit log entry
    for this event SHOULD include the SPI value, date/time received,
    Source Address, Destination Address, the Sequence Number, and (in
    IPv6) the Flow ID.

    Cisco claims that RFC 2406 is supported, thus, upon an ICV validation
    failure, it is fair to assume that an audit message would be generated
    per the RFC.

    So, two questions:

    1. What is this log message?
    2. What's the URL to Cisco that explains it?

    In advance, thnx for any info.
     
    philbo30, Dec 19, 2007
    #1
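    The RFC text quoted above says what a receiver must do on an ICV failure (discard the datagram) and what the audit record SHOULD carry (SPI, time received, source, destination, sequence number, and the IPv6 Flow ID). The following is an added illustration, not code from the thread or from any Cisco product: it builds a minimal ESP packet protected by HMAC-SHA1-96 (RFC 2404), verifies the ICV in constant time, and on failure returns exactly that audit record. The key, addresses and packet contents are constructed for the demo; encryption is left out because only the integrity check matters here.

```python
import hmac
import hashlib
import struct
from datetime import datetime, timezone

# HMAC-SHA1-96 (RFC 2404): the 160-bit HMAC output is truncated to 96 bits.
ICV_LEN = 12
# ESP header: SPI and Sequence Number, both 32-bit, network byte order.
ESP_HEADER = struct.Struct("!II")

# Constructed demo key. A real SA key is negotiated by IKE, never hard-coded.
DEMO_KEY = bytes(range(20))


def make_esp_packet(spi: int, seq: int, payload: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Build ESP header + payload and append an HMAC-SHA1-96 ICV over both.

    Encryption is deliberately omitted; the ICV covers header and payload
    exactly as it does for a real ESP packet.
    """
    body = ESP_HEADER.pack(spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def verify_esp_icv(packet: bytes, key: bytes, src: str, dst: str,
                   flow_id=None, now=None):
    """Return (accepted, audit_entry).

    accepted is True when the ICV matches. Otherwise the caller MUST discard
    the datagram, and audit_entry holds the fields RFC 2406 says the log
    entry SHOULD include: SPI, date/time received, source, destination,
    sequence number and (IPv6 only) the Flow ID.
    """
    if len(packet) < ESP_HEADER.size + ICV_LEN:
        raise ValueError("packet too short to carry an ESP header and ICV")
    spi, seq = ESP_HEADER.unpack_from(packet)
    body, received_icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected_icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    # Constant-time comparison: an early-exit compare would leak how many
    # leading ICV bytes were correct through timing.
    if hmac.compare_digest(received_icv, expected_icv):
        return True, None
    entry = {
        "event": "ESP_ICV_FAILURE",          # hypothetical event name
        "spi": spi,
        "received_at": (now or datetime.now(timezone.utc)).isoformat(),
        "src": src,
        "dst": dst,
        "seq": seq,
    }
    if flow_id is not None:                  # only meaningful for IPv6
        entry["flow_id"] = flow_id
    return False, entry


def format_audit_entry(entry: dict) -> str:
    """Render the audit record as a single key=value log line."""
    return " ".join(f"{k}={v}" for k, v in entry.items())


if __name__ == "__main__":
    good = make_esp_packet(spi=0x1000, seq=7, payload=b"constructed payload")
    print(verify_esp_icv(good, DEMO_KEY, "10.0.0.1", "10.0.0.2"))
    # Flip one payload bit to simulate corruption or tampering in transit.
    bad = bytearray(good)
    bad[ESP_HEADER.size] ^= 0x01
    accepted, audit = verify_esp_icv(bytes(bad), DEMO_KEY, "10.0.0.1", "10.0.0.2")
    if not accepted:
        print(format_audit_entry(audit))
```

    Running the script prints an accept for the untouched packet and, for the tampered copy, one audit line carrying the SPI, timestamp, addresses and sequence number; whether a given product emits such a line is exactly the question this thread asks.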

  2. Re: Cisco's implementation of RFC 2406: IP Encapsulating Security Payload (ESP)

    "philbo30" <> wrote in message
    news:...
    > Page 14 of RFC 2406 states:
    >
    > If the ICV validation fails, the receiver MUST discard the received IP
    > datagram as invalid; this is an auditable event. The audit log entry
    > for this event SHOULD include the SPI value, date/time received,
    > Source Address, Destination Address, the Sequence Number, and (in
    > IPv6) the Flow ID.
    >
    > Cisco claims that RFC 2406 is supported, thus, upon an ICV validation
    > failure, it is fair to assume that an audit message would be generated
    > per the RFC.
    >
    > So, two questions:
    >
    > 1. What is this log message?
    > 2. What's the URL to Cisco that explains it?
    >
    > In advance, thnx for any info.



    Hi,

    I think that "this is an auditable event" means just what it says... that's
    to say that auditing this event is not mandatory and if it is done, it
    SHOULD (but it's not a MUST) include the SPI, etc.


    Regards,
    Gabriele
     
    Gabriele Beltrame, Dec 20, 2007
    #2

  3. philbo30

    philbo30 Guest

    Re: Cisco's implementation of RFC 2406: IP Encapsulating Security Payload (ESP)

    On Dec 20, 5:12 am, "Gabriele Beltrame" <> wrote:
    > "philbo30" <> wrote in message news:...
    >
    > > Page 14 of RFC 2406 states:
    > >
    > > If the ICV validation fails, the receiver MUST discard the received IP
    > > datagram as invalid; this is an auditable event. The audit log entry
    > > for this event SHOULD include the SPI value, date/time received,
    > > Source Address, Destination Address, the Sequence Number, and (in
    > > IPv6) the Flow ID.
    > >
    > > Cisco claims that RFC 2406 is supported, thus, upon an ICV validation
    > > failure, it is fair to assume that an audit message would be generated
    > > per the RFC.
    > >
    > > So, two questions:
    > >
    > > 1. What is this log message?
    > > 2. What's the URL to Cisco that explains it?
    > >
    > > In advance, thnx for any info.
    >
    > Hi,
    >
    > I think that "this is an auditable event" means just what it says... that's
    > to say that auditing this event is not mandatory and if it is done, it
    > SHOULD (but it's not a MUST) include the SPI, etc.
    >
    > Regards,
    > Gabriele


    I disagree. "Is an auditable event" implies that auditing the event is
    not an option, a log entry must be created to comply with the RFC. On
    the other hand, what is optional is the combination of informational
    items included in the mandatory log entry.

    Anyway, Cisco claims support for the RFC, so it will be interesting to
    find out how they are handling this particular part of it.
     
    philbo30, Dec 20, 2007
    #3
  4. Re: Cisco's implementation of RFC 2406: IP Encapsulating Security Payload (ESP)

    "philbo30" <> wrote in message
    news:...
    > On Dec 20, 5:12 am, "Gabriele Beltrame" <> wrote:
    >> "philbo30" <> wrote in message news:...
    >>
    >> > Page 14 of RFC 2406 states:
    >> >
    >> > If the ICV validation fails, the receiver MUST discard the received IP
    >> > datagram as invalid; this is an auditable event. The audit log entry
    >> > for this event SHOULD include the SPI value, date/time received,
    >> > Source Address, Destination Address, the Sequence Number, and (in
    >> > IPv6) the Flow ID.
    >> >
    >> > Cisco claims that RFC 2406 is supported, thus, upon an ICV validation
    >> > failure, it is fair to assume that an audit message would be generated
    >> > per the RFC.
    >> >
    >> > So, two questions:
    >> >
    >> > 1. What is this log message?
    >> > 2. What's the URL to Cisco that explains it?
    >> >
    >> > In advance, thnx for any info.
    >>
    >> Hi,
    >>
    >> I think that "this is an auditable event" means just what it says... that's
    >> to say that auditing this event is not mandatory and if it is done, it
    >> SHOULD (but it's not a MUST) include the SPI, etc.
    >>
    >> Regards,
    >> Gabriele
    >
    > I disagree. "Is an auditable event" implies that auditing the event is
    > not an option, a log entry must be created to comply with the RFC. On
    > the other hand, what is optional is the combination of informational
    > items included in the mandatory log entry.
    >
    > Anyway, Cisco claims support for the RFC, so it will be interesting to
    > find out how they are handling this particular part of it.


    Hi,

    Maybe I'm wrong then, but what's the sense of having a mandatory audit event
    and then optional but suggested information?

    Note that RFC 2406 is now obsoleted by RFC 4303.
    From a very cursory look at the new RFC I think that the "auditable event"
    has gone missing.

    Regards,
    Gabriele
     
    Gabriele Beltrame, Dec 20, 2007
    #4