IPSEC tunnels and Mobile IP
Does IPSEC tunnel mean I can forget about Mobile IP?
Here is the Mobile IP model as I understand it:
Client----- PPP[IP1]-----NAS/Mobile IP ------
[IP2][stuff][IP1]-----NAS/Mobile IP ---[xxx][IP1]---- client
Mobile IP Issue: Client passes Intranet addressed packets to the NAS.
I am assuming that VPN customers will want to encrypt their own data. I
am also assuming that VPN customers will want to 'hide' their Intranet
addresses. To achieve this, the client could use IPSEC ESP, and the
NAS/Mobile IP would need to re-encrypt to protect the Intranet address.
So, if the customer can do their own tunnel (IPSEC tunnel), why do I
need Mobile IP?
Well, there seems to be some loss of service going from Mobile IP to
IPSEC tunnels:
1) tunnel server address resolution
2) exposure to denial-of-service attacks
3) client needs global Internet address
These services COULD be replaced with other solutions - e.g. NAT,
Filtering, IPCP or DNS tunnel server address resolution.
Any other takes on this?
Cheers, Steve.