Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!zaphod.mps.ohio-state.edu!sunybcs!boulder!daemon
From: jeff@nmsu.edu (Jeff Harris)
Newsgroups: comp.dcom.sys.cisco
Subject: ARP/Routers/Ethernet Encryption
Message-ID: <22267@boulder.Colorado.EDU>
Date: 14 Jun 90 22:30:36 GMT
Sender: daemon@boulder.Colorado.EDU
Lines: 48

We wish to implement the following

     +++++++  net1  ++++++++++  net2  +++++++
MVS -|DESNC|--------| router |--------|DESNC|---- Sun
     +++++++        ++++++++++        +++++++

The machine MVS is attached to a DEC DESNC ethernet encryption device.
The basic function of the encryption device is to determine (by MAC
address) that two devices are permitted to talk to each other, and then
everything in the protocol stack above the MAC header is encrypted.
The encryption/access control happens transparently as far as the Sun
and MVS are concerned.

When the DESNCs are connected via a level 2 bridge (or the router is
appropriately configured), then all is well. The Sun makes an ARP
request for the MVS machine which is answered, then tries to establish
a session. The DESNCs see that the e-net address of the Sun is
permitted to talk to the e-net address of the MVS machine, and permit
the connection. As an aside, once the initial request for connection
is made, and the DESNCs permit the connection, the packets would no
longer be IP (due to the encryption), so would have to be bridged.

The problem arises when a router is stuck between the two. When the
Sun ARPs for MVS, the router supplies its own ethernet address. The
Sun then tries to establish a session using the router's e-net address,
which the DESNC does not recognize, and therefore the connection fails.

A solution would be to make the router supply the correct e-net address
for MVS (even if it had to bridge that address). Then the Sun
establishes the connection with the right address for MVS, the DESNCs
decide that the connection can be established, and all is well.

Any help would be greatly appreciated.
Thank you

Jeff Harris
Networking / Workstation Support
Computer Center - Room 133E
Box 30001 / Dept 3AT
New Mexico State University
Las Cruces, New Mexico 88003-0001

Internet: jeff@NMSU.Edu
UUCP    : sun!sunpeaks!sunnmex!nmsu!jeff
Bitnet  : jeff@nmsu
Voice   : (505) 646-5110
FAX     : (505) 646-5278
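
The three cases described in the post above (bridged, routed, and the proposed fix), modelled as an added example that is not part of the original post. The MAC addresses are constructed, and the DESNC is reduced to the pair check the post describes. The example also covers the net1 side, on the assumption (standard router behaviour, not stated in the post) that a router writes a new MAC header when it forwards.

```python
# Added illustration; MAC addresses and the DESNC model are constructed assumptions.
SUN, MVS = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
RTR_NET1, RTR_NET2 = "02:00:00:00:01:01", "02:00:00:00:01:02"

# Pairs the DESNCs are configured to permit (order-independent).
PERMITTED = {frozenset((SUN, MVS))}


def arp_reply_for_mvs(mode):
    """MAC address the Sun learns when it ARPs for MVS."""
    # Bridged: the request reaches MVS, which answers for itself.
    # Routed: the router answers with its own net2 interface address.
    # Proposed: the router answers with the real MVS address.
    return RTR_NET2 if mode == "routed" else MVS


def frames_on_path(mode):
    """(segment, src MAC, dst MAC) of one Sun->MVS packet on each segment."""
    dst = arp_reply_for_mvs(mode)
    net2 = ("net2", SUN, dst)
    if mode == "routed":
        # A router builds a new MAC header on the outgoing interface.
        net1 = ("net1", RTR_NET1, MVS)
    else:
        # A bridge forwards the frame with its MAC header unchanged.
        net1 = ("net1", SUN, dst)
    return [net2, net1]


def desnc_permits(src, dst, permitted=PERMITTED):
    """Access check as described in the post: is this MAC pair allowed?"""
    return frozenset((src, dst)) in permitted


def session_permitted(mode):
    """True only if the DESNC on each segment accepts the frame it sees."""
    return all(desnc_permits(s, d) for _, s, d in frames_on_path(mode))


if __name__ == "__main__":
    for mode in ("bridged", "routed", "proposed"):
        print(mode, frames_on_path(mode), session_permitted(mode))
```

In the routed case both DESNCs reject the frame: the Sun-side unit sees the router's net2 address as destination, and the MVS-side unit sees the router's net1 address as source.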