Re: IPSEC tunnels and Mobile IP

[Gabriel Montenegro <gab@Eng.Sun.Com>]

> > IMNSHO, Mobile IP is for mobile units. ie cars, tanks, soldiers, and
> > pedestrians.  A notebook I plug into a phone jack in a hotel, car dealer,
> > or conference LAN does not need Mobile IP, only IPsec.
> 
> While not disagreeing in principle, I'd like to note that there is
> tremendous utility in using a dynamically assigned IP address from the
> wireless provider and setting up IPSEC tunneling associations
> authenticated by user identity.  In this way, a laptop can be mobile
> throughout a large wireless service structure and maintain secure
> connections without the necessity for level 3 handoffs.
> 
> Hilarie

Today, nomadicity as achieved by overloading ISAKMP via the mechanism 
alluded to by Bob, may seem sufficient. However, as Hilarie points out, 
there are definite advantages to solutions that incorporate full mobility via
a more flexible protocol that only does tunneling establishment. (Of course,
data transfer could -- and over the public internet, must -- be
done via ISAKMP.)

You can get goodies like multi-protocol and switching support, the ability
to compose compound tunnels for separate security domains, 
to virtually appear to be in a given place or places (your office, or another
location/domain), to preserve your sessions across
interface switching and/or migration, to incrementally
move beyond remote access into full mobility ... 

Maybe not essential, but it could be a compelling
competitive advantage...

-gabriel

---

References:

• Re: IPSEC tunnels and Mobile IP
• From: ho@earth.hpc.org (Hilarie Orman)

---

• Prev by Date: No Subject
• Next by Date: LAN-to-LAN IPSEC tunnels over the Internet
• Prev by thread: Re: IPSEC tunnels and Mobile IP
• Next by thread: Re: IPSEC tunnels and Mobile IP
• Index(es):
  • Main
  • Thread