RFC 3456: Dynamic Host Configuration Protocol (DHCP...
RFC-Ref

tunnel



... the requirements for host configuration in IPsec tunnel mode, and describes how DHCPv4 may be leveraged for configuration. ...


... IPsec tunnel mode configuration requirements ...
... requirements of a host with an IPsec tunnel mode interface include the need to obtain an IPv4 address and other configuration parameters ...
... Leveraging DHCP for configuration of IPsec tunnel mode meets the basic requirements described in [21 ...
... IPv4, leveraging DHCPv4 [3] for the configuration of IPsec tunnel mode satisfies the basic requirements described in [21]. ...
... management today, reuse of DHCPv4 for IPsec tunnel mode address management ...
... DHCP server, not within the IKE implementation. As a result, the loss of a tunnel server does not result in the loss of configuration and addressing state ...
... authentication [5] is required, this can be supported on an IPsec tunnel mode interface as it would be on any other interface ...
... As described, DHCPv4 [3] meets the IPsec tunnel mode configuration requirements [21 ...
... requirements, nor does it provide the additional capabilities. As a result, DHCPv4 is the superior alternative for IPsec tunnel mode configuration. ...


... security gateway, using IPsec tunnel mode. This host is then configured in such a manner so as to provide it with a virtual presence on the internal ...
... security gateway and then establish an IPsec tunnel to it. The remote host then interacts via the IPsec ...
... remote host then interacts via the IPsec tunnel with a DHCPv4 server which provides the remote host ...
... the host's original, routable IP address as the tunnel endpoint. The virtual identity assumed by the remote host ...
... intranet will be carried over the IPsec tunnel via the security gateway as shown below: ...
... DHCPv4 | IPsec tunnel | | server | with encapsulated | +--------+ ...
... interfaces are used in the outer and inner headers of the IPsec tunnel mode packet, respectively. ...
... The configuration of the intranet interface of the IPsec tunnel mode host is accomplished in the following steps: ...
... remote host establishes a DHCP SA with the IPsec tunnel mode server in a quick mode exchange. The DHCP ...
... quick mode exchange. The DHCP SA is an IPsec tunnel mode SA established to protect initial DHCPv4 traffic ...
... DHCP messages will be carried over a new IPsec tunnel. Alternatively, the remote host and the security gateway ...
... e. If a new IPsec tunnel is required, the remote host establishes a tunnel mode SA ...
... tunnel is required, the remote host establishes a tunnel mode SA to the security gateway in a quick mode exchange. ...
... with the intranet using an IPsec tunnel. All the IP traffic (including future DHCPv4 ...
... remote host and the intranet are now tunneled over this IPsec tunnel mode SA. ...


... htype 1 Hardware address type. Set to value 31, signifying an IPsec tunnel mode virtual interface. hlen 1 Hardware address ...
... DHCP message The htype value is set to the value 31, signifying a virtual IPsec tunnel mode interface, in order to enable the DHCP server to ...
... subnet provided that the remote host only brings up a single tunnel to the security gateway. Where a LAN ...
... For use in DHCPv4 configuration of IPsec tunnel mode, the client-identifier ...
... quick mode) DHCP SA tunnel mode SA is then established. The key lifetime for the DHCP ...
... 67. The DHCP SA is established as a tunnel mode SA with filters set as follows: ...
... DHCPDISCOVER or DHCPREQUEST) is then tunneled to the security gateway using the tunnel mode SA. Note that since the DHCPDISCOVER packet has a broadcast ...
... remote host on the correct IPsec tunnel, without having to keep state gleaned from the DISCOVER, such as a table of the xid, chaddr and tunnel ...
... tunnel, without having to keep state gleaned from the DISCOVER, such as a table of the xid, chaddr and tunnel. If the security gateway ...
... subnet for each IPsec tunnel, then this can be accomplished by inserting the appropriate interface address ...
... 17]. In this case, the virtual port number of the tunnel is inserted in the Agent Circuit ...
... Where allocating a separate subnet for each tunnel is not feasible, and the DHCP server does not support the Relay Agent Information Option ...
... Relay Agent behavior will not be possible. In such cases, implementations MAY devise a mapping between the xid, chaddr, and tunnel in order to route the DHCP server response to the ...
... route the DHCP server response to the appropriate tunnel endpoint. Note that this is particularly undesirable in large VPN servers where the resulting state ...
... and the Internet interface can establish a new IPsec tunnel mode SA to the security gateway ...
... delete the DHCP tunnel mode SA. All future DHCP messages sent by the client, ...
... the security gateway (acting as a DHCP Relay) using the IPsec tunnel mode SA, including DHCPOFFER, DHCPACK ...
... Internet-bound traffic through the tunnel. While this adds overhead to round-trips ...


... filters or quick mode selectors on a per-tunnel basis. As described in [17 ...


... This document requires that an htype value be allocated for use with IPsec tunnel mode, as described in section 4.1. Note that DHCP relies on the arp-parameters registry ...


... mutual authentication of the IPsec tunnel endpoints, it is difficult to integrate IKECFG with DHCPv4 authentication ...


