Question on iSCSI security

["Williams, Jim" <Jim.Williams@Emulex.com>]

I am not up to speed on security and IPSec, so
there is probably a simple answer to this.  I 
would be curious to know what it is.


Scenario:

A is an unwitting initiator, B is a malicious
target, and C is a victim target.

A attempts to log into B using IPSec.  B establishes
IPSec SA with C.  B is honest to IKE about its identity.
After establishing SA, B attempts to log into C, but
lies to the iSCSI layer and claims to be A.
B uses classic man-in-the-middle technique to get
A to respond to C's login challenge.  If this
works, then B has successfully logged into C
as A.

There are a number of similar scenarios with the
common thread that the attacker is truthful about
his identity to the IPSec layer, but lies about
his identity to the iSCSI layer.

These attacks are easily defeated if the iSCSI
layer cross checks remote end's identity with the 
IPSec layer.  But it is not clear how this is done
and whether it will be done or is required to 
be done.

If the IPSec layer verifies that the IP address
INSIDE the tunnel really belongs to B, and iSCSI
verifies that the IP address it sees really belongs
to A, and the data consulted for the verification
is secure, then one of these checks should fail,
but this seems like a stretch.

But perhaps I am missing something simple.